Time 2 ch@ng3 y0ur p@55w0rd5

The “Heartbleed” security exploit of OpenSSL is causing heartache for millions of internet users. Major websites affected include Yahoo & GitHub, among others. According to the UK Daily Mail:

Heartbleed, so called because it creates a ‘bleeding’ leak of security, is a flaw in OpenSSL, the software used by the majority of websites to keep data secure.

HeartBleed: License to steal

The programme works by encrypting data – such as emails, instant messages, bank details or passwords – making it look like nonsense to hackers.

When a line of communication is secure and information encrypted, the user sees a padlock on the page. When software is active, one computer may send a ‘heartbeat’ – a small packet of data – to check there is still another computer at the other end.

However, a flaw in the programming meant it was possible to trick the computer at the other end by sending it a packet of data that looked like one of these heartbeats. This made it possible for hackers to impersonate the website and steal the encryption keys, revealing the data being sent.

The bug was found simultaneously by a Google security researcher and a small Finnish security firm named Codenomicon and disclosed on Monday night.

LastPass HeartBleed Checker

Heartbleed SSL domain checkers have been set up by several firms, including Qualys and LastPass. These checkers let users know if the website’s certificates have been updated properly, and provide a secure link to help update the user’s password for that site.

According to an update posted on CNET, the LastPass site has now added automatic validation for any sites its users have previously bookmarked.
