The I.Q.D. Team Connection

Changing password after "heartbleed" bug? Here's what you need to know

4/10/2014

From Our Computer Security Expert
STRAIGHT TALKIN MIKE


By Chenda Ngak
CBS News
April 10, 2014, 2:08 PM



The "heartbleed" bug may have put millions of passwords, credit card details and sensitive information in the hands of nefarious hackers. Before you change your passwords, security experts suggest making sure the website is now secure, and provide tips for creating stronger passwords.
Heartbleed is a bug that made services using OpenSSL encryption vulnerable to attack, including websites, instant messaging software and email accounts. It's worth noting that not all websites are affected by the heartbleed bug.

According to data analysis website Datanyze, 17.3 percent of the top 1 million websites ranked by Alexa.com may have been exposed to heartbleed. Internet data company Netcraft reports that a recent survey found 17.5 percent of websites that use secure socket layer (SSL) encryption. For many, it's unclear which websites are still at risk, so it's worth taking extra precaution.

"If the website is still vulnerable, changing the password will not accomplish anything. The hacker could potentially view your newly created password, too," Dodi Glenn, director of security intelligence at ThreatTrack Security, told CBS News via email.
Glenn says there are websites to check whether or not a website has been patched, and suggested filippo.io/heartbleed or ssllabs.com/ssltest. Password management software maker LastPass also has a service that checks if a website is vulnerable. LastPass recommends users of websites like Yahoo, GitHub and Fitbit update their passwords right away. But if you have a Netflix, Airbnb or Quora account, wait to update.

Trend Micro vice president of security research Rik Ferguson told CBS News via email that if you update too early, not only are you putting your new password at risk, you could be exposing additional data that is requested during the password reset process. Ferguson suggests avoiding services that are not yet patched, until a security fix is released.

"If it is not possible to avoid logging in to a service then continue as normal, changing your password will not bring you any extra security until the server is patched," Ferguson said.

But if you have the same password for several different websites or services, then change your password right away. Ferguson adds, "any exposure of a shared password may have wider consequences."

Ferguson says you should change your password once you've been notified or discover that a server has had a security update. He suggested avoiding these big mistakes when creating a new password: using words from the dictionary, names, dates of birth, ages, telephone numbers, pets' names, football teams or anything related to you.


Don't use the same password for different services and never share your password. Even words using numbers in place of letters are not secure enough. Ferguson says a word like "P455w0rd" can be cracked within minutes.

Ferguson shared an example of five steps for creating a more secure password.

1. Think of a phrase you can easily remember, for example:

"Motley Crue and Adam and the Ants were the soundtrack of my youth."

2. Take the initial letter of each of those words:

MCAAATAWTSOMY


3. This will be the basis of the password, but we now need to make sure we use upper and lower case characters, numbers and "special characters" like !$&+. For example, let's change cases first:

MCaAatAwtSomY


4. Now change some of those letters for numbers, maybe the letter O to a zero:

MCaAatAwtS0mY

5. Now add the special characters. I'll change the "and" into + and &:

MC+A&tAwtS0mY
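The mistakes Ferguson lists (dictionary words, personal details, dates, phone numbers, and numbers standing in for letters) can be checked mechanically. The Python sketch below is an added example, not part of the CBS article; the wordlist, the substitution table and the personal terms are constructed assumptions, and it runs against the article's own "P455w0rd" and the phrase-based password from step 5.

```python
import re

# Digit/symbol-for-letter swaps to undo before looking words up.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# Constructed sample wordlist; a real check would load a full dictionary.
WORDS = {"password", "football", "dragon", "monkey", "sunshine"}


def weaknesses(password, personal=()):
    """List which of the mistakes named in the article a password makes.

    `personal` holds terms tied to the user (names, pets, teams, ...).
    """
    found = []
    lowered = password.lower()
    # Also try the password with trailing digits/symbols removed ("dragon99!").
    trimmed = re.sub(r"[^a-z]+$", "", lowered)
    raw = {lowered, trimmed}
    unleeted = {c.translate(LEET) for c in raw}

    if any(w in c for w in WORDS for c in raw):
        found.append("dictionary word")
    elif any(w in c for w in WORDS for c in unleeted):
        found.append("dictionary word with numbers in place of letters")
    if any(p.lower() in c for p in personal if p for c in raw | unleeted):
        found.append("personal information")
    if re.search(r"(19|20)\d{2}", password):
        found.append("looks like a year or date")
    if re.search(r"\d{7,}", password):
        found.append("looks like a telephone number")
    return found


if __name__ == "__main__":
    # "P455w0rd" and "MC+A&tAwtS0mY" are the article's examples;
    # the other passwords and the personal terms are constructed.
    for pw in ("P455w0rd", "MC+A&tAwtS0mY", "Rex1987", "dragon99!"):
        hits = weaknesses(pw, personal=("Rex", "Arsenal"))
        print(pw, "->", hits or "no listed mistake")
```

An empty result only means none of these patterns matched; it is not a measure of overall strength.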

Ferguson suggests creating variations of the password for different websites, like adding the first and last letter of a website name at the beginning or end of a password. He adds that users also need to be aware of phishing scams that attempt to lure people to fake websites.


Mandiant security expert William Ballenthin told CBS News in an interview that heartbleed compromises past and future communications with a server, like banking or email transactions. He adds that this bug has been "in the wild" for about two years, and was only recently discovered. At this point not much can be done about the past.


But Ballenthin says major websites like Google, Amazon and Yahoo have identified the issues and released a fix. According to tech website Mashable, several major banks are not affected because they do not use OpenSSL encryption software. The website released a list of major sites that were affected by the heartbleed bug and have since been updated, including Facebook, Pinterest, Tumblr, Gmail, Yahoo, Amazon and Dropbox.

© 2014 CBS Interactive Inc. All Rights Reserved.
http://www.cbsnews.com/news/changing-your-password-for-heartbleed-bug-heres-what-you-need-to-know/