Tintation on Facebook Tintation on Twitter Tintation on StumbleUpon Tintation on Google Tintation on LinkedIn Tintation on YouTube Tintation on Delicious Tintation Articles RSS Feed Send E-mail to Tintation

Tintation – The Web Resources Blog » Virus Malware Spyware Removal » Heartbleed Vulnerability

Heartbleed Vulnerability

heartbleed warningYou may have heard about or received contact about the Heartbleed vulnerability recently. We have put together the following FAQ to help answer your questions:

- What is Heartbleed?
Heartbleed is a vulnerability in SSL, which is the method that most traffic is encrypted on the internet.

- How does it work?
The flaw in SSL allows servers that serve encrypted traffic over the internet that allows attackers to dump the memory of the webserver and read the encrypted web requests to the server in an unencrypted format.

- In plain English?
Any time you log in to a site, attackers have a brief window in which they can dump your username and password from the server without you knowing.

- Have I been affected?
It is very likely that you have. It is estimated the nearly two-thirds of the Internet is/was vulnerable to this bug. Making matters worse, this bug has existed for nearly two years without anyone going public with it.

– What should I do to protect my usernames and passwords?
Make a list of all critical sites that you interact with such as email, social networks, cloud storage, banking, etc.
Test to see if a site is vulnerable by visiting https://lastpass.com/heartbleed/
If the site is still listed as vulnerable, changing your password will do little to protect you as an attacker could just dump your information again. We recommend that you wait until the site is fixed before changing. During this wait time, it is strongly recommended that you do not use the site.
If the site is NOT vulnerable, login and change your password immediately.
Moving forward, we recommend implementing two-factor authentication on sites where it is possible to do so.

- What should I do if I have a site that says it is vulnerable?
If a third party vendor hosts your site, contact them immediately to determine your resolution plan. If you host a vulnerable site yourself, you will need to update to a non-vulnerable version of OpenSSL and reissue your site’s certificate.

Image Credit:
Keyboard – by username “escape 2
Heart – from Wikipedia

Written or Posted by

I am an Enthusiast of Computer Graphics, Web Graphics, SEO, and Codes. I love designing and developing my own websites and blogs. At the same time I love seeing and sharing about other professional, unique, and high quality designs that people make for their websites, graphics, and software.

Filed under: Virus Malware Spyware Removal · Tags: , , , , , ,

Leave a Reply

You can use these tags, but remember Spammy Comments Will be Spammed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>