Tuesday, April 15, 2014

"Heartbleed" bug information

I've had a few family members ask about the "Heartbleed" bug that has made headlines over the last week. There are several details about this bug that I would like to bring attention to.

First off, this bug has wide-reaching impact. An estimated 30% of internet servers worldwide were impacted by this issue. The bug can expose almost any information that is stored in memory on the server that was accessed. This includes things like usernames and passwords of users who had logged in recently, database passwords, server encryption keys, and administrator account credentials (in rare cases). The bug doesn't give the attacker control of the server directly, but for some services it could expose information that would allow the attacker to make changes to the service. The attack leaves no indication on most servers that it has been performed, so it is almost impossible for a company to know if its servers have been attacked.

Most of the main servers that were affected by the bug are now patched. Finding a list of these servers is difficult, but there is a short list of servers at Tom's Guide. You should change your password if you use any of the listed services, and log out and back in to some of them to revoke your stored authentication tokens.

If you get prompted by a company to change your password you should, BUT DON'T FOLLOW AN EMAIL LINK TO DO SO. Instead, go to the site directly and follow whatever steps are on the site (usually under something like "my account"). Remember that an attacker could have obtained a list of customers' names and email addresses from a vulnerable site.

More info on the bug at heartbleed.com and http://krebsonsecurity.com/2014/04/heartbleed-bug-what-can-you-do/
