CablesAndKits Blog

adding value to your IT infrastructure

Heartburn…or Heartbleed?

by

As you may have heard, there is a new widespread security vulnerability out on the interwebs called “Heartbleed”.

Let me start out by saying that cablesandkits.com was not / is not vulnerable. We were aware of the Heartbleed vulnerability and took steps to confirm our status within 24 hours of when the vulnerability was made known to the public.  Our on-going promise is to take every precaution possible to keep our site and your information safe not only from Heartbleed, but any other attack.

Now that we have that out of the way, you are probably wondering, “What in the world is Heartbleed?”

HeartBleed

Well, we can help with that. Since this is an ever-evolving situation, we will stick to the facts and the best ways to protect yourself and your personal data.

First off, what exactly is Heartbleed? (Ok, this is going to get VERY technical, but only for a moment…)

From cnet.com:

Heartbleed is a security vulnerability in OpenSSL software that lets a hacker access the memory of data servers. That means a user’s sensitive personal data — including usernames, passwords, and credit card information — is potentially at risk of being intercepted. The vulnerability also means an attacker could steal a server’s digital keys that are used to encrypt communications and get access to a company’s secret internal documents.

Now, most importantly, what do you need to do about it?

  • If you think you might have visited a site that is infected or is vulnerable to Heartbleed, you need to change your password, please wait until you get confirmation from the specific website/online store that the vulnerability has been patched. You can check a site with a tool called LastPass. We would recommend even if you use the tool to check with the company itself to confirm that they are safe and not vulnerable to Heartbleed.
  • You should be cautious about visiting websites that you do not trust.  Generally the risk is that such a website might try to install a virus on your computer, but if you’re using a vulnerable browser they could use Heartbleed to go after any passwords you have stored in your browser’s memory. (see next point)
  • Microsoft/Apple computers and devices should be safe, but if you’re using an Android phone that hasn’t been updated, then you might be vulnerable.  If you’d like to check, go to your phone settings, there should be an “About” or “About Phone” link, check to see what your Android version is.  If it’s 4.1.1, contact your carrier about updating your phone.
  • Always be in a routine of changing your passwords. This is a recommended safety precaution that everyone should take with all of their email, bank, and personal information accounts.
  • Below are some recommended sites for you to check with and confirm that they have been patched for the Heartbleed bug: (this is not meant to be an all-inclusive list )

Facebook
Instagram
Pinterest
Twitter
Tumblr
Google
Gmail
Yahoo
Etsy
Flickr
Minecraft
Netflix
Youtube
Soundcloud
Dropbox
Wikipedia

We all know that the web can be a scary place at times.  You have to realize that issues like this will come up from time to time, but if you take the necessary steps to guard and protect your information then you can have peace of mind that your information is safe.