Friday, April 11, 2014

"The Heartbleed Bug Goes Even Deeper Than We Realized- Here's What You Should Do"

"The Heartbleed Bug Goes Even Deeper Than We Realized- 
Here's What You Should Do"
 by  Alexis Kleinman

"Cisco Systems and Juniper Networks, two of the biggest creators of Internet equipment, announced on Thursday that their products had been impacted by the Heartbleed bug. Routers, firewalls and switches from these manufacturers and others have all likely been affected by the bug, leaving your personal information at risk of being stolen by hackers. When information is passed through the Internet, it is encrypted, meaning it is turned into unreadable code, so it can't be easily read and stolen. If you have Internet at home, it goes through a router, a small device that connects different networks together.

On Monday, researchers at security firm Codenomicon and Google Security's Neel Mehta discovered the Heartbleed bug, which leaves some private information, such as passwords and usernames, open to theft. And now Internet equipment companies have discovered hackers could have access to your personal information through your home router.

So what should you do?

• Stay away from public Wi-Fi. You never know what kinds of routers and firewalls public places are using, let alone whether or not they have taken the proper precautions against Heartbleed. You're better off not taking any chances and staying away from public Wi-Fi until this gets settled.

• Change your passwords for the sites that have been patched. Don't go around changing all of your passwords willy nilly. If an affected website hasn't patched itself up, it's useless to change your password since the new one could be stolen too. You should change your passwords on the following sites, since they, according to Mashable, have been patched:

• Change your passwords for Google (and Gmail), Yahoo (and Yahoo Mail), Facebook, Pinterest, Instagram, Tumblr, Etsy, GoDaddy, Intuit, USAA, Box, Dropbox, GitHub, IFTTT, Minecraft, OKCupid, SoundCloud and Wunderlist. As more companies create patches to Heartbleed, this list will likely grow.

• Keep an eye on your credit card and bank statements. If, in the worst case scenario, your identity or personal information was stolen, you probably wouldn't know it right away. You should be periodically checking to make sure there aren't any strange charges on your accounts, just in case.

• Download software updates when they become available. In a message to customers, Cisco revealed that the Heartbleed bug, a problem with the encryption of data online, may allow hackers to get access to people's passwords, usernames and other information. Cisco has released a complete list of all vulnerable products and is working on creating free software updates to protect customers. Juniper has also published a list of vulnerable devices and is working on a solution. Until these companies release software updates, go figure out what kind of router your home or business has and check back on that company's site every few days to see if a software update is available for download. It could take some time, so be patient.

• Turn off your router's remote access. "In the case of home routers, if it's a router that you purchased yourself, almost all of them provide the capability to disable remote access," Adam Allred, a research technologist at the Georgia Tech College of Computing, told The Huffington Post. "Most routers take the home network and the Internet that they connect to and split them into two pieces. Remote access describes the ability to get to your home router from the Internet outside of your home."

Most people don't really need remote access unless they are trying to configure their router from elsewhere, Allred says. Turning it off can make it less likely for hackers to be able to come in and exploit your home router and it wont change your experience at all. People with newer routers should download patches when they become available, and if your router was provided by your ISP (AT&T, Comcast, etc.) Allred recommends that you contact them and ask if they have any plans to patch home routers. Only if you have an older router that you purchased yourself, patches aren't available and you need to use remote access for some reason should you consider getting a new router.”
- http://www.huffingtonpost.com/

Related: Karl Denninger, "EXTREMELY Serious OpenSSL Bug"

No comments:

Post a Comment