Yet another big headline starts everyone buzzing. I’m talking, of course, about the ‘Heartbleed’ exploit. So what is it? Well, in simple terms it’s a way for hackers to ‘bust’ a bit of supposedly secure code in order to gather information, some of which could be passwords, but not exclusively.
This will undoubtedly lead to a spate of phishing emails purporting to be from well-known sites, asking you to reset your password – BEWARE!
This ‘bit of code’ is used by many sites to secure their connection (the padlock you may see). Hopefully by now those sites that were vulnerable will have emailed you to tell you to change your passwords; others will have emailed you to tell you all is fine and they were not using it. However, please don’t think it’s just another scare. This could affect many people and, rather than go into the details here, I recommend reading this post on ZDNET’s site by a respected author.
For our clients, please be assured that all services on our servers are protected against this vulnerability. Corrective measures were taken on the day this was reported, and as such our servers are not subject to attacks of this nature.
However, it’s always good to remind people to be vigilant and have good secure passwords, changed often, so if you’ve not changed yours recently why not do it now?
To help, here’s something that I use: KeePass. It’s completely free, open source (hooray!) and all you have to do is remember one good password for the program; from there it’s just a couple of clicks to use a username and password for any site you’ve entered, and as you add them you can generate really complicated passwords that you don’t have to worry about forgetting! Lastly, this cartoon mentioned in the ZDNET piece is a sobering reminder that complicated isn’t always good; perhaps it may give you some good ideas…
PS. If you want to check a site is patched, try this link.
There are plenty of speculators who think those malware and virus baddies will jump on unsupported PCs and cause havoc. So what should you do? The obvious answer is to update to Windows 7 (it is still available in some online shops) or Windows 8, or perhaps even Linux.
If that’s a non-starter, then the first thing to do is stop using IE; it’s been out of date for a long time, so switch (if you haven’t already) to either Chrome, who have assured support through to April 2015, or Firefox, who have no plans to stop support. Once that is done, look at your anti-virus package: is it up to date?
Microsoft Security Essentials will support Windows XP until July 14, 2015, so that’s something, but the top 30 AV suppliers have all said they will do the same, some even longer.
Many of Microsoft’s own packages that tend to be used on Windows XP are woefully out of date as it is. If you’re using Outlook or Office (2003 or older) then look into moving to something else, like Mozilla Thunderbird or Gmail for email or LibreOffice for, well, Office!
Other things you can do to try and minimise the danger: remove Java, as there are so few things that rely on it that it’s just not needed. Also try getting rid of Adobe’s Flash and PDF viewer; again, so few sites use Flash, and if you use Firefox or Chrome, they have built-in PDF viewers. There are some good free ones that work well too, Sumatra PDF and Foxit Reader, for example.
The last thing to say is, and it should be the most obvious, when you’re browsing and a popup says ‘Your XP install is infected’ or some such drivel, don’t click it!