April 13, 2014

  • heartbleed bug

    This is my Heartbleed strategy, for what it's worth.  My online banking site password will be changed, obviously, along with my 2013 tax efile password.  Also every site that has my social security number or mother's maiden name.  I do not have a credit card, but I did get a debit card last month, and with it, five new purchase sites to secure.

    Email sites are vulnerable, say the experts, in particular Google, Yahoo, and YouTube.  I can't think of any email messages I've sent containing protected information, but probably a clever identity thief would find something.  Here is a core list of Heartbleed bug websites, which includes email servers:
    http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

    I found a browser app that displays a warning message whenever I visit a Heartbleed-vulnerable site.  It runs in Google Chrome.  I compiled a complete list of all my passwords, and the next step is to test and change them if needed.

    I found a free password manager that generates funky strings like v!=~Mnp95XB{.  I can click on a site and then paste the new ridiculous password.  It’s pretty easy.
    passsafe

    "Security experts warn that attackers exploiting the heartbleed vulnerability could use it to impersonate a server.  A server’s private keys are used to generate certificates that prove that a server is legitimate, similar to the way we use passports and other forms of ID to prove who we are.  Now a vulnerable banking or credit card site can be impersonated by an attacker who might use it to lure unwitting users to hand over their account names and passwords." (from recode.net)

    And it's not just identity theft we're subject to.  There are hackers who want to enslave you, i.e., take control of your computer in a concerted denial-of-service attack.


    That being said, here's some entertainment: