SSL was not secured after all…this exploit has been around for a while

Typically I try to focus on sending out information related to criminal activity, and in the past I have shared some topics on phishing scams running around. I received some information that I felt you should be made aware of from our Cyber Crimes Detective. He has advised that there has been a newly discovered “Heartbleed Bug” exploit that has been reported to affect 2/3 of all servers on the Internet. This means your banking passwords, emails, instant messages, online accounts, etc. were all vulnerable to this. The exploit is for the SSL (Secure Sockets Layer) security that these servers use. You know the little “lock” icon in the URL (web address line) that lets you know everything is ok? Well, it might not have been ok after all. The word being used to describe this exploit is “catastrophic” if that means anything to you.

If you think that you are unaffected because nothing has happened to any of your accounts so far, you could possibly be wrong. The data mining has been going on for some time now so chances are your passwords have already been captured and might eventually be used. The good news is…it’s not too late to fix it.

Here is one of the better written articles on how to protect yourself from problems: http://time.com/55337/how-to-protect-yourself-against-the-heartbleed-bug/

If you are more “tech-savvy”, you might understand this link better: http://arstechnica.com/security/2014/04/critical-crypto-bug-exposes-yahoo-mail-passwords-r…

There is actually a website devoted to this topic at http://heartbleed.com/

So you might ask, “What do I need to do?” A few things to consider would be changing all of your critical (money and work related) passwords and repeating this process a few days later, just in case something wasn’t patched when you made the change. Also, you might consider not using the same version of a password for more than one account. I know, I too have TONS of passwords to keep up with and it is a pain, but unfortunately in our high-tech world it is necessary.

Now, in a nutshell, it appears the best way to maintain your security through this event is to change every password you have. Please don’t shoot the messenger…this is coming from an opinion of someone MUCH better skilled in this area than me. Now many of you might have more questions about this problem. I can assure you that I am not the person who has that info. I would recommend you speak to your bank or do some additional research online. Time, CNN, and other media outlets have done reports on this and might have some valuable information for you.

Please understand that not every website has been compromised, but it is very difficult to determine which have and have not. Do some research, talk to your Information Technology people at work, speak to your tech-savvy friends about it, and get other opinions, because we must take necessary precautions. We have a highly educated community and I am certain there are a lot of people out there that might be able to respond with their suggestions. My only suggestion is to do something that we should be doing on a regular basis (which I must admit I am guilty of not doing), and that is to change your passwords frequently.
