Global Data Security Flaw – Change Passwords Now!
Massive Internet Security Breach
Please read this email, it really does affect everybody. Yesterday I received an email from a partner, securi.net, who watch over some of my websites. They were very prompt in addressing the issue about the latest heartbleed security flaw.
To that that the Internet security people started to get a little tense is an understatement – they must have went ballistic. You see OpenSSL (a process which keeps your passwords secured over Internet traffic) has a major security flaw and has been there since around December 2011… almost two years! OpenSSL is used on all kinds of devices. Apache web servers are just one example, and apache web servers account for at least 50% of all global web servers… and that’s just one part… then there are crm tools based on apache, telephone systems, apps, games, games consoles…etc etc. So its massive and affects everybody.
So what exactly is this security flaw?
To put it plainly, if your data and/or login details are stored in the servers memory, the hacker is allowed to “spoof” its way into the server, and access your data. Further more, if the hacker has gotten a hold of your data, and is “getting” around to getting in to your information, you are vulnerable. The hacker can get into the system without leaving any trace in the systems log files.
Codenomicon have written a detailed article here, and also here is the BBCs news report, running at number one.
What’s the latest?
The very least you can do is to change ALL of your passwords for EVERYTHING! As was quoted to me today… “on a scale of 1 to 10, this one is an 11”. A patch has been found and is being deployed by system admins in these data centres. But don’t rely that being the end of the issue. As always keep your passwords difficult to guess, but ideally easy for you to remember. I always say, passwords are like toothbrushes, they were our quite quickly.
Is it time to upgrade Windows XP
On a side note, as always, you should keep your operating system up to date, with patches and updates, as these things, on smaller scales are found regularly. Remember that Windows XP is now end of life as of yesterday, so there are no more updates for that. If you have the finances upgrade to a new PC, or upgrade the operating system on your old PC. Remember that if your computer is already infected with malware, removal is necessary, as these things lead to breaches in your systems security. You can find details of the Eset product and a link to the free Eset online scanner here.
Update Malware Software, and Malware Removal & Security Tools
Also remember to ensure that your malware software is kept up to date, at all times, and use something that is proven to work. Eset Endpoint Protection, McAfee, Kaspersky and F-Secure all do a really good job. Eset Endpoint Protection will protect you from id theft, as well as the usual malware removal tools. If you want to protect your website, we recommend using Securi, and their cloud solution a Website Firewall, CloudProxy will automatically protect you against both this and many other threats. It also aids seo rankings with their very fast caching servers. Here is their link.