Yet another big headline has everyone buzzing. I’m talking, of course, about the ‘Heartbleed’ exploit. So what is it? In simple terms, it’s a way for hackers to ‘bust’ a bit of supposedly secure code in order to gather information, some of which could be passwords, but not exclusively.
This will undoubtedly lead to a spate of phishing emails purporting to be from well-known sites, asking you to reset your password – BEWARE!
This ‘bit of code’ is used by many sites to secure their connection (the padlock you may see). Hopefully by now the sites that were vulnerable will have emailed you to tell you to change your passwords, while others will have emailed you to tell you all is fine and they were not using it. However, please don’t think it’s just another scare: this could affect many people. Rather than go into the details here, I recommend reading this post on ZDNET’s site by a respected author.
For our clients: please be assured that all services on our servers are protected against this vulnerability. Corrective measures were taken on the day this was reported, and as such our servers are not subject to attacks of this nature.
However, it’s always good to remind people to be vigilant and to have good, secure passwords that are changed often. So if you’ve not changed yours recently, why not do it now?
To help, here’s something that I use: KeePass. It’s completely free and open source (hooray!), and all you have to do is remember one good password for the program. From there it’s just a couple of clicks to use a username and password for any site you’ve entered, and as you add them you can generate really complicated passwords that you don’t have to worry about forgetting! Lastly, this cartoon mentioned in the ZDNET piece is a sobering reminder that complicated isn’t always good; perhaps it may give you some good ideas…
PS. If you want to check that a site is patched, try this link.