Products Process About News Contact
Ecaret Solutions
At E-Caret Solutions, we create scalable software solutions for our clients across diverse industries
that can grow as the enterprise grows
Read More...

Bypass the threat from HEARTBLEED

by 17:01 0 comments
Hackers have enjoyed a back door into our digital lives for the past two years thanks to the Heartbleed security disaster
.It's no exaggeration to say Heartbleed is one of the most significant security threats in the history of the internet. Everyone who uses the internet is exposed to Heartbleed – Windows, Mac and Linux users alike, along with smartphone and tablet owners. Heartbleed isn't a virus, nor is it a bug in one specific application. The reason Heartbleed is such a significant threat is it's a flaw at the very heart of online security. 
The Heartbleed flaw lies in the Open SSL encryption system used by many of the world's largest online services, including Google, Facebook, Yahoo, Dropbox and many others. The vulnerability extends to email, instant messaging, online storage and any other supposedly secure services these giants offer. The security padlock icon in your browser may have assured you that you were safe from prying eyes, but you weren't.

Undiscovered for two years, the Heartbleed flaw lets hackers trick vulnerable servers into handing over details of whatever they're currently processing – which could include your password and other security details. Heartbleed also gives hackers the ability to snoop on your traffic and even set up fake websites that look genuine and still display the security padlock. 
 Perhaps the scariest thing about Heartbleed is that it doesn't show up on server logs, so there's no way of knowing who has sneaked into your accounts and what they may have found. All we can do at this point is change the locks and issue new keys to everyone – which means updating servers and changing passwords.
The best way to protect yourself against Heartbleed is to change your passwords on every affected website and service. It's important to wait until after they've installed the Heartbleed security patch on their servers, otherwise hackers could steal your new password as well. Most affected services should have patched the flaw by now, but if you're unsure you should check their support pages or contact customer support.
Many websites, including Google and Facebook, use two-factor authentication to keep hackers out of your accounts, even if they get their hands on your passwords. When you login from a new device for the first time you're required to enter a one-time secondary passcode, generated by an app or sent to you as a text message.
Heartbleed offers the opportunity to rethink your password strategy, opting for stronger passwords and resisting the temptation to reuse passwords. PayPal might not be vulnerable to Heartbleed, but if you've used the same email address and password as your Google or Facebook accounts then hackers might try using those details to break into PayPal along with iTunes, eBay, Amazon and plenty of other services. 
 Heartbleed vulnerability has also been found in Google's Android 4.1.1 smartphone and tablet software, which requires a security patch. Many home routers and network-attached storage drives that offer secure remote access over the internet are also vulnerable to Heartbleed and require a firmware update.


Courtesy : Adam Turner