We are all asking because of Heartbleed – do I need to change my passwords? It’s been said that many platforms are already sending out emails to customers suggesting that users change their passwords. Heartbleed is a bug in OpenSSL that creates a vulnerability which has made it possible for information to be stolen over the last 2 years.  It was called Heartbleed because of the name of the heartbeat extension that, when exploited, leaks information.  So it’s like the heart bleeding – get it?

Argh darn Heartbleed – Do I need to change my passwords?

This is an email that I got from IFTTT, which stands for – If this then that – which is an application that allows you to connect different web applications or social networks and to create a formula (recipe) that says something like – if someone follows me on Twitter, send them a message.  I used to use this for various things, but I’m just not an auto girl – I like to do these things myself.  And I wasn’t sure if it was worth breaking the Twitter rules.  I forget even now what I used it for or even that I had it!  So I’m glad they logged me out, as I had lots of networks connected to this tool.

This is what they said:

A major vulnerability in the technology that powers encryption across much of the internet was discovered this week. Like many other teams, we took immediate action to patch the vulnerability in our infrastructure. 

IFTTT is no longer vulnerable. 

Though we have no evidence of malicious behavior, we’ve taken the extra precaution of logging you out of IFTTT on the web and mobile. We encourage you to change your password not only on IFTTT, but everywhere, as many of the services you love were affected. 

If you have any questions or concerns, please email security@ifttt.com

—The IFTTT Team 

I’ve read also that Tumblr have sent messages out but I have not seen any others yet.

All this got me thinking, what am I to do about Heartbleed – do I need to change my passwords right away, should I be panicking?

The problem with this bug is that you don’t know that you have been affected ….. and it leaves no trace.  Worryingly I have read that in one way or another we are likely to be affected as 50% of the Internet’s websites use OpenSSL.  Reports are saying that this could have been going on for 2 years?  Unsure if that’s true but, yes it seems pretty bad.

So, on changing our passwords, we really need to wait until Platforms, Apps and Organisations have completed the update for OpenSSL which contains a fix.  So, I don’t think we need to rush out and change all of our passwords right now (we will probably crash the servers), but start with the ones that you know have completed the update.  Besides, you should regularly change your passwords so think of it as a late spring clean.

I’m trying to relay this information to you in easy to read language here but it’s tricky, so if you want to know all the ins and outs – Codenomicon have created this webpage with every detail – http://heartbleed.com/ and I do bet this is going to get quite a few hits over the next few weeks / months.

I am really pleased to just read that a platform that I use a lot that has all of my networks connected to it, is NOT affected – thank goodness Xeeme – http://xeeme.com/michelledh

How can I tell if a site is affected by Heartbleed?

Annie Diamond found a couple of great programs to help check for clean sites – I don’t know how accurate they are but there seems no harm in using them

Test a site you are using by putting in the URL and it will let you know if this site is affected – http://filippo.io/Heartbleed/

If you use Chrome this extension will tell you if the site you are on is affected – Chromebleed

This tool was developed by Jamie Hoyle. It is based on the excellent work of Filippo Valsorda – so please report to him any problems with these.

Tips for Changing your password

  • Do not use the same password for all of your networks – if a hacker gets one password they can easily try that on all of your networks.
  • Don’t use common names/places/ things related to you – as these are easy to hack or find out.
  • Make your password at least 8 characters long
  • Do use a mixture of letters or numbers and symbols, with upper and lower cases – the best passwords are something like 3Dsf7&eto0)!   No one is getting in to that sucker. It doesn’t have to be that crazy, it could be something slightly more memorable like iL()vM@rmit3  – do you see what I did there?
  • Keep a spreadsheet with all of your passwords on so that you don’t have to remember them and then you can easily copy and paste it over.  There are safes and all sorts of things you can use but this is just simple and easy. Just keep it in a safe place with a password lock that you can remember! ha 🙂

Let’s hope Heartbleed can be fixed soon and that not too many people have nightmares about it.

Keep secure!