Community, have you heard about “Heartbleed” bug? The “heartbleed” bug may have put millions of passwords, credit card details and sensitive information in the hands of nefarious hackers. Before you change your passwords, security experts suggest making sure the website is now secure, and provide tips for creating stronger passwords.
The Heartbleed bug is serious. Disclosed less than two days ago, the Heartbleed bug has sent sites and services across the Internet into patch mode.
How to protect yourself from the “Heartbleed” bug
Glenn says there are websites to check whether or not a website has been patched, and suggestedfilippo.io/heartbleed or ssllabs.com/ssltest. Password management software maker LastPass also has a service that checks if a website is vulnerable. LastPass recommends users of websites like Yahoo, GitHub and Fitbit update their passwords right away. But if you have a Netflix, Airbnb or Quora account, wait to update.
Trend Micro vice president of security research Rik Ferguson told CBS News via email that if you update too early, not only are you putting your new password at risk, you could be exposing additional data that is requested during the password reset process. Ferguson suggests avoiding services that are not yet patched, until a security fix is released.
“If it is not possible to avoid logging in to a service then continue as normal, changing your password will not bring you any extra security until the server is patched,” Ferguson said.
But if you have the same password for several different websites or services, then changing your password right away. Ferguson adds, “any exposure of a shared password may have wider consequences.”
Ferguson says you should change your password once you’ve been notified or discover that a server has had a security update. He suggested avoiding these big mistakes when creating a new password: using words from the dictionary, names, dates of birth, ages, telephone numbers, pet’s names, football teams or anything related to you.
Don’t use the same password for different services and never share your password. Even words using numbers in place of letters is not secure enough. Ferguson says a word like “P455w0rd” can be cracked within minutes.
Ferguson shared an example of five steps for creating a more secure password.
1. Think of a phrase you can easily remember, for example:
“Motley Crue and Adam and the Ants were the soundtrack of my youth.”
2. Take the initial letter of each of those words:
MCAAATAWTSOMY
3. This will be the basis of the password, but we now need to make sure we use upper and lower case characters, numbers and “special characters” like !$&+ for example, let’s change cases first:
MCaAatAwtSomY
4. Now change some of those letters for numbers, maybe the letter O to a zero
MCaAatAwtS0mY
5. Now add the special characters, I’ll change the “and” into + and &
MC+A&tAwtS0mY
Ferguson suggests creating variations of the password for different websites, like adding the first and last letter of a website name at the beginning or end of a password. He adds that users also need to be aware of phishing scams that attempt to lure people to fake websites.
Mandiant security security expert William Ballenthin told CBS News in an interview that heartbleed compromises past and future communications with a server, like banking or email transactions. He adds that this bug has been “in the wild” for about two years, and was only recently discovered. At this point not much can be done about the past.
But Ballenthin says major websites like Google, Amazon and Yahoo have identified the issues and released a fix. According to tech website Mashable, several major banks are not affected because they do not use OpenSSL encryption software. The website released a list of major sites that were infected by the heartbleed bug and have since been updated, including Facebook, Pinterest, Tumblr, Gmail, Yahoo, Amazon and Dropbox.
We hope you find this information useful and maintain a level security to protect yourself and your families.
Month: April 2014
New Proposed Senior Development on Grand View
From – Steve Wallace
This flyer attached below will be delivered to those within 500 feet of this project at the currently empty lot at 3960 Grand View south of Pacific Avenue on East side. The Developer will be at the MVCC tent at the Mar Vista Farmers Market this Sunday. There will be two easels and boards set up showing the project along with flyers for any interested parties.
The developers will be presenting at the Mar Vista Planning and Land Use Committee at the Mar Vista Library on Tuesday April 22, 2014.
Anyone with any concerns or requiring further information about the project should attend that meeting.
South Mar Vista Neighborhood Association 