Heartbleed Havoc_ 10 Passwords You Need To Change Right Now

Hello there!
From time to time, we at the business desk are pleased to bring you articles
that can help you to deal more effectively and efficiently with the wide
world of technology. If you are struggling to keep up or are a bit lost
when it comes to being able to do things on your own without having to ask
or pay for help then we invite you to read on.
Today we have a great little article for you;
Heartbleed Havoc_ 10 Passwords You Need To Change Right Now

We hope you find this article useful. Have a great day.
The business desk team
Follow us on Twitter @accessibleworld

+++++++++++++++
A Dan Thompson contribution

Heartbleed Havoc: 10 Passwords You Need To Change Right Now

Link to this article and more from

Tech For Everyone

http://www.crn.com/slide-shows/security/300072499/heartbleed-havoc-10-passwo
rds-you-need-to-change-right-now.htm

byRobert Westervelt on April 10, 2014, 1:28 pm EDT

*1. The Heartbleed Threat Demands User Attention

The serious Heartbleed bug
that has plagued OpenSSL, the open-source
encryption protocol, has system administrators scrambling to patch the
back-end systems supporting many popular online services. Administrators
also are revoking keys associated with the digital certificates that
validate the authenticity of a website or service, according to Finnish
security testing firm Codenomicon, which has set up a thorough website
addressing the issue .

This can be found here:

http://heartbleed.com/

Users of online services need to take action as well, say security experts,
as hundreds of thousands of servers, including those that support Google,
Yahoo and Dropbox, may have been impacted. Many of those services are urging
users to change their passwords. Here are 10 of those services.

*2. Google Services, Gmail

Google issued a statement on its official Security Blog
outlining its progress in patching the vulnerability. The
firm has said it isn’t requiring users to change their passwords, but it is
gently prodding users to make a change as a matter of good practice.

Impacted services include Search, Gmail, YouTube, Wallet, Play, Apps and App
Engine. Google Chrome and Chrome OS are not affected, the company said.
Businesses that use the Google Search Appliance, Cloud SQL or the Google
Compute Engine also are impacted and must update their back-end systems to
the latest OpenSSL iteration.

*3. Android Smartphones

Google said the latest Android hardware that supports Android version 4.4
KitKat is immune to the vulnerability. However, users of Android 4.1.1
Jellybean are impacted, Google said. The company has distributed patching
instructions to Android partners, so users should keep an eye out for a
firmware update from their carrier.

*4. Tumblr Bloggers

Tumblr content management system users were impacted by Heartbleed. Tumblr
issued a warning to users
, urging
them to change their user account credentials. The company said users should
change the password “everywhere” it is used, especially for “high-security
services like email, file storage, and banking, which may have been
compromised by this bug.”

*5. Facebook

A Facebook spokesperson told ABC News that the company addressed the issue
before The Open SSL Project publicly disclosed the flaw. The popular social
network, which closely monitors its user accounts for anomalous activity
that could signal a problem, said it hasn’t detected any spikes in attacks
or hijacked accounts. The firm is still advising users to use a unique
password and follow good practices by updating to a new password.

*6. Yahoo Mail

Search engine giant Yahoo said it updated its services, which include
Tumblr. Yahoo is not urging users to change their passwords, but security
experts told CRN that a password change is necessary to greatly reduce the
risk of an account hijacking. Yahoo Mail has had previous account security
issues, being targeted in a coordinated attack campaign
by cybercriminals who gained access to user names and
passwords from a third-party database, the company said in January. It
didn’t acknowledge how many users were impacted.

*7. Amazon Web Services

Amazon Web Services issued a services update indicating that Heartbleed
affected all of its load-balancers and urged users to terminate their secure
services and rotate their SSL certificates. Amazon EC2 users need to take
action to patch the flaw themselves if they are using Linux images, the
company said. EC2 users also need to rotate any secrets or keys. Amazon
CloudFront content delivery service users also were impacted by the bug and
should rotate their SSL certificates.

*8. Intuit TurboTax Users

People who filed their taxes using the TurboTax preparation service are
being urged by security experts to change their passwords. The company
issued a press release indicating that it patched its back-end systems,
which were affected by the Heartbleed bug. “Taxpayers can be confident that
TurboTax websites are secure and their personal and financial information
are safe. They can file their return today with confidence,” said “Nat”
Rajesh Natarajan, the company’s chief technology officer and vice president
of product development product management, in a statement.

*9. Dropbox

Dropbox did not issue a statement, but told users through its Twitter
account that it patched its user-facing services to repair the OpenSSL bug.
A simple password change as a result of the affected service will bolster
security and is a standard, good practice, say security experts.

*10. LastPass

The back-end servers supporting the LastPass password management service
were impacted by the vulnerability, but the company said the encryption key
that enables users to gain access to their password database is stored
locally, meaning that the master password is not on its servers. Sensitive
data is never transmitted over SSL unencrypted because it is already
encrypted locally, the firm said.

“Because other websites may not be encrypting data the way LastPass does, we
recommend that LastPass users generate new passwords for their most critical
sites (such as email, banking, and social networks),” the company said in an
extensive blog post on the Heartbleed threat
.

Found at the link below.

http://blog.lastpass.com/2014/04/lastpass-and-heartbleed-bug.html

This entry was posted in Uncategorized. Bookmark the permalink.