The heartbleed bug is currently causing some real problems. We would urge everyone to improve their network and PC security by changing their passwords for all vital websites and online accounts, particularly if they share a password.
You may have heard of the Heartbleed bug but it’s not actually a virus, it’s a security flaw in the way some servers are built. Fortunately, the software manufacturers have provided fixes for the problems but you can’t guarantee that every site you’ve signed up to will apply the fixes immediately.
Heartbleed has caused problems because, now it’s been discovered, it only takes a moderate amount of technical knowledge to be able to exploit it which means that lots of people may attempt to use it to harvest your passwords and security keys and there’s no way to check if this has happened.
Dr. Steven Murdoch from the Cambridge Computer Laboratory has said that there’s a “low to medium risk that any given password has been compromised”. However, this may grow if other service managers do not apply the fixes quickly, so it’s easy to improve your PC’s security and protect yourself from this by changing your password in line with these suggestions:
Change passwords on all your important online accounts. Normally, most of us only have 4 or 5 websites that are vital so these should be the ones to change first, alongside sites where you’ve bought something online with your current card details. When you choose new passwords, make sure you consider the following:
Don’t choose an obvious password or one that’s easily associated with you.
Lots of people will use their children’s or pet’s name as a password. If your social media accounts have been compromised then these will be the first things hackers will try. A good rule of thumb is: if you think your friends could guess it, then it isn’t secure enough.
Use different characters.
Lots of punctuation and numbers as well as upper and lowercase letters will make it much harder for a hacker to guess.
Choose passwords that aren’t in the dictionary
These sorts of passwords are vulnerable to something called a “brute force attack” where an attacking computer will make millions of different attempts to “guess” your password. The very first things targeted are words from the dictionary.
Use different passwords for different sites and systems
If hackers compromise one system you do not want them having the key to unlock all your other accounts.
We know, we know – this one’s a nightmare! Unfortunately, it’s a pretty important one for PC security. Try to develop a system for your passwords so you don’t have to remember different ones each time but can work it out from the site and your system. One suggestion is to use a word or phrase you associate with the site: your paypal account password could be something like: “mybalanceisalwayslowerthaniexpect” and then change it in a way that’s familiar: by replacing some letters with numbers (3’s look like E’s, 4’s look like A’s) or adding a punctuation mark after the second word or capitalising the fourth or fifth word. It might then look something like this: “my£Balanc3!isALWAYSlow3rthanI3xpect!”
Keep your passwords safe
With multiple passwords it is tempting to write them down and carry them around with you but it’s not ideal. Paper has a habit of getting lost and if someone picks up a list of your account usernames and passwords it could cause real problems. Android or iPhones have password vault apps for your phone – these are more secure but if you don’t have these and you really have to write them down, then try to disguise them and definitely don’t put them together with usernames or any other personal information.
10-100 have applied the fixes to all our webservers so, as long as you change your password, the security flaw won’t affect you. If you’re concerned about anything else, a very useful site has been put together to check for vulnerabilities and provides more information.
Above all, if you have any major concerns, please give us a call on 01908 424450 or contact us with any questions on IT Network or PC security.