Friday, April 11, 2014

What is Heartbleed? What has been affected?

List of affected sites is below

A major security vulnerability dubbed Heartbleed was disclosed Monday night with severe implications for the entire Web. The bug lets an attacker read a server's memory, where sensitive user data is stored, including private data such as usernames and passwords.
It's an extremely serious issue, affecting some 500,000 servers, according to Netcraft, an Internet research firm. Here's what you can do to make sure your information is protected.
Do not log into accounts from affected sites until you're sure the company has patched the problem. If the company hasn't been forthcoming (confirming a fix or keeping you up to date with progress) reach out to its customer service teams for information, said John Miller, security research manager for TrustWave, a security and compliance firm.
Some Web sites that appeared to have been affected included Yahoo and Facebook, though the companies have said their sites are all or partly fixed (see below for details). You can check the status of individual sites below, though caution is still advised even if the site gives you an "all clear" indication. If you're given a red flag, avoid the site for now.
The natural response might be to want to change passwords immediately, but security experts suggest waiting for confirmation of a fix because further activity on a vulnerable site could exacerbate the problem.
Once you've got confirmation of a security patch, change passwords of sensitive accounts like banks and email first. Even if you've implemented two-factor authentication (which, in addition to a password, asks for another piece of identifying information, like a code that's been texted to you), changing that password is recommended.
Don't be shy about reaching out to small businesses that have your data to make sure they are secure. While the high-profile companies like Google and Yahoo certainly knew about the problem and had it patched within 15 hours, small businesses might not even be aware of it, said TrustWave's Miller. Be proactive about making sure your information is safe.
Yahoo and Facebook seem to be the most prominent Web sites that have been vulnerable to the bug (preliminary tests of Google's and Twitter's Web sites said they are safe). The companies said that they have "successfully made appropriate corrections" to the main Yahoo properties: Yahoo Homepage, Search, Mail, Finance, Sports, Food, Tech, Flickr and Tumblr, Facebook, WhatsApp, and Instagram.
The question in the aftermath of something like this is whether Web companies will reform their security practices. There has been a move toward Perfect Forward Secrecy (PFS) by many of the major Web companies, but not all of them have implemented the practice. PFS means essentially that encryption keys get a very short shelf life, and are not used forever. "People should want their communications to be secure as possible. PFS is one thing they can push for in the future," said Miller.
Check which sites have been patched.
All sites are now running normally.

This list is going to be constantly updated; please return to view the latest information as we get it.
