Client Alert #30 Heartbleed Bug
Please read this entire alert!
Information on the Heartbleed Bug
You may have recently heard in the news or on the web about a new security vulnerability dubbed the Heartbleed Bug. This bug affects web sites and email services which use a version of OpenSSL encryption software - now considered to be around 17% of the world’s web services! Security experts are taking this bug very seriously and most affected companies are quickly taking action.
What this means to you
Vulnerable websites are encouraging their users to update their passwords as a precaution. Of course, account passwords shouldn’t be changed until the website updates its system to patch the bug. So don’t rush out and change all your passwords just yet. As explained by the creators of 1Password:
- “You will, at some point, need to change a lot of passwords. But don’t rush to do that just yet. Not every server is affected, and those that are need to fix things at their end before you change your password. If you change your password before the servers fix things, then your new password will also be vulnerable to capture.
- All that most of us can do is wait at this point. Presumably, various service providers will announce over the next few days when and whether users should change passwords or be aware that other confidential information may have been exposed.”
Since we’ll all need to change a lot of passwords in the near future, now is a great time to start using a password manager to create strong passwords. We’ve long been advocates of using a solution called 1Password from AgileBits. Coincidentally, we were about to release a client alert about password management and the advantages of using 1Password. There are versions for OS X, Windows, the iPhone and iPad as well as Android, and they all sync together beautifully. Once properly configured, you can have fast access to all of your secure password data wherever you are.
Call Andy! engineers are very familiar with installing and configuring 1Password. We can help you get started and regain control of your passwords. Give us a call.
For more information about the Heartbleed Bug, how it works and who’s affected, take a look at these informative links:
A simple, yet effective illustration of how the Heartbleed vulnerability works:
xkcd: Heartbleed Explanation
Great article from Adam Engst about Heartbleed:
TidBITS: The Normal Person’s Guide to the Heartbleed Vulnerability
Here is an excellent list of the passwords experts recommend that users change quickly:
The Heartbleed Hit List: The Passwords You Need to Change Right Now
AgileBits blog post about Heartbleed and security in general:
Heartbleed: Imagine no SSL encryption, it’s scary if you try | Agile Blog
If you're concerned that an account or service you use may have been compromised, please don’t hesitate to contact your Call Andy! engineer, and we can assist in the investigation. We'll be sharing additional security tips and best practices in future client updates.
As always, thank you for your continued reliance on us as your Mac IT resource.