Bleeding Heart

By now many of you have heard of the Heartbleed security problem on the Internet. This is not a problem on users’ computers but on servers that run “secure” Internet and email sites. It doesn’t matter if you are running Mac or Windows. All systems are vulnerable.
Do you have to do anything? Yes. WHEN your email or the secure website says it’s fixed, then you can change your passwords. (System administrators may want to get new security certificates.) Also, if you have what is called two-factor authentication, you may want to reset that too. Two-factor authentication is usually done by entering a code that is given to you by another device or by an app that runs on another device.
Since most services are not contacting their customers about whether their site is OK or not, another means is provided.
Go to the web site that you want to check. Look in the address bar and save the part of the address between the double slash and the single slash.
Go to the site http://filippo.io/Heartbleed/.
Type in the information you previously saved and hit enter.
This will test that site and tell you if it is OK.

Some Background
This is not a virus or some other malware. It is a problem that happened when new features were added to the program that runs the security checking. This program is very popular, so it is on most computers that run the Internet, email and more.
The problem was quickly fixed and the fix is now being put into older programs. Older programs that came out between when the new features were added (December 2011) and when the problem was discovered need the fix too.
What is not affected is some even older software that has not had the new features added but has only had security fixes applied to it (e.g., servers running Ubuntu Long Term Support 10.04 Linux were not affected). Even these older versions will be updated at some point because no software, or any product, can be supported forever and must be upgraded eventually.
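
For administrators, the window described above corresponds to upstream OpenSSL releases 1.0.1 through 1.0.1f, with the fix in 1.0.1g. The script below is an added example, not part of the original post, that classifies the banner printed by `openssl version`; the function name `classify_openssl` and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an `openssl version` banner against the Heartbleed
# window. Upstream OpenSSL 1.0.1 through 1.0.1f (and 1.0.2-beta1) carried the
# flaw; 1.0.1g fixed it; the 0.9.x and 1.0.0 branches never had the feature.
# classify_openssl is a name made up for this example.

classify_openssl() {
    name=$(printf '%s\n' "$1" | awk '{print $1}')
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    [ "$name" = "OpenSSL" ] || { echo "unknown"; return 0; }

    # The one pre-release inside the window must be caught before the
    # suffix is stripped below.
    case "$ver" in
        1.0.2-beta1*) echo "affected-range"; return 0 ;;
    esac

    ver=${ver%%-*}    # drop build suffixes such as "-fips"
    case "$ver" in
        1.0.1|1.0.1[abcdef])
            # Distributions often ship the fix without changing this
            # letter, so confirm against the vendor's package changelog.
            echo "affected-range" ;;
        1.0.1?*|1.0.[2-9]*|1.[1-9].*|[2-9].*)
            echo "fixed" ;;
        0.9.*|1.0.0*)
            echo "predates-heartbeat" ;;
        *)
            echo "unknown" ;;
    esac
}

# Constructed sample banners (not taken from any real server).
for banner in \
    "OpenSSL 0.9.8k 25 Mar 2009" \
    "OpenSSL 1.0.1e-fips 11 Feb 2013" \
    "OpenSSL 1.0.1g 7 Apr 2014"
do
    printf '%-34s %s\n' "$banner" "$(classify_openssl "$banner")"
done
```

On the server being checked, run `classify_openssl "$(openssl version)"`; an "affected-range" result on a distribution package means the package changelog still has to be checked for the backported fix.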

The Risks
This problem didn’t allow a bad guy to look for your password or credit card information. It only allowed him to take some of the information that was going from your machine to the Internet. It is that selection that he would then use to look for passwords and other valuables. Over the time this vulnerability has existed, I’ve only seen two Yahoo! users that may have had their online passwords discovered by this method. Though my report is only anecdotal and may have other causes, other reports indicate Yahoo! (who does AT&T’s email) was more affected than others by this bug.

The Payback
Stephen Arthuro Solis-Reyes of London, Ontario faces one count of Unauthorized Use of Computer and one count of Mischief in Relation to Data. He was arrested by the Royal Canadian Mounted Police for using Heartbleed to siphon off 900 Social Insurance Numbers over nine hours from the Canada Revenue Agency (CRA) website. This discovery shut down the site for a week, during which Canadians could not file their tax returns.

Help
If your server is using OpenSSL and you need help with patching the Heartbleed bug, call a local expert to protect your users. You do not have to go to the city to find the experience you need to keep you protected. Affinity Computer Masters will help you get out of the “bleeding heart.” Call us at 350-6984.