Friday, April 11, 2014

HeartBleed Bug

Everyone is talking about the "Heart Bleed" bug - and as everyone who uses the internet is exposed to it - let's talk about it.

First of all ... was BeadFX affected?

No. (While we do use open source software - the way it was implemented made it so that we are not affected. But we are monitoring this for new developments.)

Should you change your password?

Yes.

Why?

Because, if you, like most people, re-use your password in multiple places, and one of those OTHER places is affected, your password is out there. And then it doesn't take much for a hacker to start throwing files of hundreds of thousands of passwords at a server, hoping for one that works.

The caveat is, that if the site you change your password on hasn't fixed the problem yet - you will still be at risk. You're going to hate this, but you should be using different passwords on all sites ... . Yeah - that sucks, doesn't it? I have a list of 267 websites that I have passwords on.


For a little clarification - Heartbleed is a bug - not a virus, trojan horse, worm or anything malicious. It is an accident, much like a typo in a dictionary - where everyone is now running around trying to figure out if they have been using the wrong spelling of supercalifragilistic for the last three years (with an a or a i?). The possibility is that someone may use that accident to capture secure data as it moves between your computer and it's destination. The reason why this is a big deal is that the "code" (computer programming) that has this accidental problem is in use in a lot of of places (possibly 60% of the internet!), and not everyone is going to be able to jump on it and patch it (fix it) right away.

Anyway - here are some resources for you for further information:

A list on Mashable of popular sites and whether you need to change the password, and whether it is safe to do so yet.


 A recent article in the Globe and Mail.

 A good guide to safer computing, also Globe and Mail.

And finally - a list of the worst passwords of 2013 - don't use one of these. ;-)

And something to think about - this is one of a number of services that manage your passwords for you - LastPass. I haven't tried it - but it certainly bears thinking about. 

Happy password changing! 



No comments: