From my techno-geek husband, about the hack you've probably been hearing about on the news.....
OK: I am keeping this non-technical.
The Bottom line is that a key program used by EVERYONE (google/microsoft/yahoo), etc.. got hacked. and they JUST discovered it after 2 YEARS!!! *
What to do:
Today:
ABSOLUTELY NOTHING today, unless you are running a SSL server. (most likely This means almost NO-ONE... ^
Later this week:
Go to EVERY single site you use. Change ALL of your passwords! NO, I am serious. They are ALL compromised!! #
Ramifications:
This is the ABSOLUTE largest hack in history. If you were to take every single credit card breach in the past 5 years, add them up, and then triple the number, it's not even close to the amount of possible passwords that are now vunerable.
Remember, don't do anything today. Unless THEY updated THEIR servers, it wont matter. Waiting a few days is best.
What this means: (technical stuff)
* Technical junk: OpenSSL (a free and openly developed Secure Socket Layer) protocol and server was HACKED.
# The reason you are waiting a few days is so that Google, Microsoft, and everyone else patches this BEFORE you go through the effort to change your password!
Jo And Craig said
05:46 AM Apr 10, 2014
Let us know when we can change our info. Thanks, Cheryl.
PIEERE said
06:54 AM Apr 10, 2014
Thanks for the info!!! Sometime technology is just a royal Pain!!!! I get used to using different passwords and then---it seems to have start from scratch again!! Maybe I should get all your addresses and us Snail Mail!!! LOL!
bjoyce said
09:31 AM Apr 10, 2014
From http://rickpaulettervjournal.blogspot.com/2014/04/heartbleed-security-flaw-what-you.html: --- Yahoo seems to be most affected. Facebook, Google, and Twitter's Web sites appear to be safe. Yahoo said that it has "successfully made appropriate corrections" to the main Yahoo properties: Yahoo Homepage, Search, Mail, Finance, Sports, Food, Tech, Flickr and Tumblr. Still, a Yahoo spokesperson said the company is still working to make the fix across the rest of the Yahoo sites.
----
I am not that worried. I did install the Chromebleed extension to Chrome, since I use Chrome.
It isn't nearly as catastrophic as the news would have you believe. Sure, it's a vulnerability and needs to be patched…but the actual likelihood of your passwords being compromised is very, very low. The biggest likelihood is that the SSL keys for the server could have been compromised and thus a bad guy could impersonate the server…although there's a lot more to this than just getting the SSL keys.
Did I go and change my passwords on affected sites after they were patched? Sure, but then I periodically change them anyway.
Am I (or you) at serious risk? Unlikely at best.
Use decent passwords, don't reuse them on different sites, and monitor your credit and bank accounts frequently.
If anybody is interested in decent passwords and how to create and/or remember them say so and I'll go into more detail as this used to be my business before I retired.
From my techno-geek husband, about the hack you've probably been hearing about on the news.....
Today:
# The reason you are waiting a few days is so that Google, Microsoft, and everyone else patches this BEFORE you go through
the effort to change your password!
From http://rickpaulettervjournal.blogspot.com/2014/04/heartbleed-security-flaw-what-you.html:
---
Yahoo seems to be most affected. Facebook, Google, and Twitter's Web sites appear to be safe. Yahoo said that it has "successfully made appropriate corrections" to the main Yahoo properties: Yahoo Homepage, Search, Mail, Finance, Sports, Food, Tech, Flickr and Tumblr. Still, a Yahoo spokesperson said the company is still working to make the fix across the rest of the Yahoo sites.
----
I am not that worried. I did install the Chromebleed extension to Chrome, since I use Chrome.
Here is a list of sites that were tested on April 8th - https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt. Yahoo sites are the main worry, which is normal. Most other important sites were not vulnerable.
Heartbleed is actually not a "hack" — it's a vulnerability. The extent of compromise of the vulnerability (how much it was hacked) is unknown.
It's one heck of a vulnerability.
Details here:
http://heartbleed.com/
-- Edited by bugsplatter on Thursday 10th of April 2014 01:57:03 PM
It isn't nearly as catastrophic as the news would have you believe. Sure, it's a vulnerability and needs to be patched…but the actual likelihood of your passwords being compromised is very, very low. The biggest likelihood is that the SSL keys for the server could have been compromised and thus a bad guy could impersonate the server…although there's a lot more to this than just getting the SSL keys.
Did I go and change my passwords on affected sites after they were patched? Sure, but then I periodically change them anyway.
Am I (or you) at serious risk? Unlikely at best.
Use decent passwords, don't reuse them on different sites, and monitor your credit and bank accounts frequently.
If anybody is interested in decent passwords and how to create and/or remember them say so and I'll go into more detail as this used to be my business before I retired.