The heart bleed virus



Make sure that you are prepared and protected.

Transcript of The heart bleed virus

Page 1: The heart bleed virus

What is it, and what do you do about it???

The Heart Bleed Virus

Page 2: The heart bleed virus

What is the Heart Bleed virus?

• Flaw in OpenSSL, which is the encryption used to make data transfer secure

• Encryption makes the data look like nonsense to anyone but the recipient

• Sometimes, a computer will send out a small packet of data (called a heartbeat) to see if there is still a computer at the end of its connection

• Researchers discovered a programming error that allowed people to send a well-disguised packet of data that looks like the heartbeat
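
An added example, not part of the original slides and not OpenSSL's own code: the length check a heartbeat receiver has to make before echoing a payload back, which goes beyond what the slide states. It assumes the RFC 6520 message layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding); all function and constant names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Layout per RFC 6520 (assumed; names here are hypothetical, not OpenSSL's):
 *   type (1 byte) | payload_length (2 bytes, big endian) | payload | padding (>= 16 bytes) */
enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HEADER = 3, HB_MIN_PADDING = 16 };

/* Returns the payload length if the request is well-formed, or -1 if it must be
 * silently discarded. rec_len is the number of bytes actually received. */
long hb_checked_payload_len(const uint8_t *rec, size_t rec_len)
{
    if (rec == NULL || rec_len < (size_t)(HB_HEADER + HB_MIN_PADDING))
        return -1;                      /* too short to hold header + padding */
    if (rec[0] != HB_REQUEST)
        return -1;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The check that matters: the length the sender claims must fit inside
     * what was really received. Trusting `claimed` on its own is the flaw. */
    if (HB_HEADER + claimed + HB_MIN_PADDING > rec_len)
        return -1;
    return (long)claimed;
}

/* Builds the echo response into out; returns bytes written, or 0 on discard. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    long n = hb_checked_payload_len(rec, rec_len);
    if (n < 0)
        return 0;
    size_t total = HB_HEADER + (size_t)n + HB_MIN_PADDING;
    if (total > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];                    /* echo the (validated) length field */
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, (size_t)n); /* only bytes we received */
    memset(out + HB_HEADER + n, 0, HB_MIN_PADDING);      /* real stacks use random padding */
    return total;
}
```
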

Page 3: The heart bleed virus

Some key points

• This flaw (the ability to send a fake packet of data) has been available for abuse for about two years!

• The flaw was discovered by Google

• There are no traces left when these fake data packets are sent

Page 4: The heart bleed virus

So how bad is it?

• Pretty bad. Web servers keep lots of info on their sites, such as usernames, passwords, content which has been uploaded and even credit card numbers

• Even worse, hackers can steal encryption keys, making it possible to intercept data and read it without having to have a secure connection

• This means that companies can change their encryption keys, but still be vulnerable!

Page 5: The heart bleed virus

What does it mean to you?

• This is an issue not only with your devices, but also with the software that powers the services we use

• Sites can include social media, employment, hobby sites, software installation sites or even government sites

• 66% of sites are powered by technology built around SSL

Page 6: The heart bleed virus

What do you do?

• Since it has been around for two years and leaves no trace, assume that accounts may have been compromised.

• Change online passwords, especially ones needing privacy and security

• Remember, though, if your site hasn’t upgraded its software, you may need to change the password again

Page 7: The heart bleed virus

Are my sites affected?

• Most major service providers have either fixed or are currently fixing their sites.

• On this site (run by Filippo Valsorda, an Italian consultant specializing in security) you can enter a site and see if it has been fixed or unaffected. Try this today!

http://filippo.io/Heartbleed/

Page 8: The heart bleed virus

Sites to change passwords on

• Social networks: Facebook, Instagram, Pinterest, Tumblr, Twitter

• Other companies: Google, Yahoo, Gmail, Yahoo mail

• Shopping sites: Etsy, GoDaddy

• Entertainment: Flickr, Netflix, SoundCloud, YouTube

• Banking: USAA

• Other: Dropbox, GitHub, OKCupid