The heart bleed virus
-
Upload
san-diego-continuing-education -
Category
Education
-
view
1.729 -
download
2
description
Transcript of The heart bleed virus
What is it, and what do you do about it???
The Heart Bleed Virus
What is the Heart Bleed virus
• Flaw in Open SSL, which is the encryption used
to make data transfer secure
• Encryption makes the data look like nonsense to
anyone but the recipient
• Sometimes, a computer will send out a small
packet of data (called a heartbeat) to see if there
is still a computer at the end of its connection
• Researchers discovered a programming error
that allowed people to send a well-disguised
packet of data that looks like the heartbeat
Some key points
• This flaw (the ability to send a fake packet
of data) has been available for abuse for
about two years!
• The flaw was discovered by Google
• There are no traces left when these fake
data packages are sent
So how bad is it?
• Pretty bad. Web servers keep lots of info on
their sites, such as usernames, passwords,
content which has been uploaded and even
credit card numbers
• Even worse, hackers can steal encryption keys,
making it possible to intercept data and read it
without having to have a secure connection
• This means that companies can change their
encryption keys, but still be vulnerable!
What does it mean to you?
• This is an issue not only with your devices,
but also with the software that powers the
services we use
• Sites can include social media,
employment, hobby sites, software
installation sites or even government sites
• 66% of sites are powered by technology
built around SSL
What do you do?
• Since it has been around for two years
and leaves no trace, assume that
accounts may have been compromised.
• Change online passwords, especially ones
needing privacy and security
• Remember, though, if your site hasn’t
upgraded its software, you may need to
change the password again
Are my sites affected?
• Most major service providers have either
fixed or are currently fixing their sites.
• On this site (run by Filippo Valsor, an
Italian consultant specializing in security)
you can enter a site and see if it has been
fixed or unaffected. Try this today!
http://filippo.io/Heartbleed/
Sites to change passwords on
• Social networks: Facebook, Instagram,
Pinterest, Tumblr, Twitter,
• Other companies: Google, Yahoo, Gmail,
Yahoo mail,
• Shopping sites: Etsy, GoDaddy,
• Entertainment: Flickr, Netflix, SoundCloud,
YouTube,
• Banking: USAA,
• Other: Dropbox, GitHub, OKCupid,
Change your password today to
protect your identity!
Sources: http://www.businessinsider.com/heartbleed-bug-explainer-2014-4,
http://mashable.com/2014/04/11/mashable-explains-heartbleed-2/