What is Heartbleed?
- Heartbleed is not a true ‘virus’; it is a vulnerability in OpenSSL, a widely used implementation of SSL (Secure Sockets Layer) and TLS.
- OpenSSL is used by insurance agents and carriers for TLS email security.
- Heartbleed affects some, but not all, websites whose addresses begin with “https:”. It allows hackers to more easily steal logins and passwords.
- Most financial institutions don’t use OpenSSL, but many sites like Gmail, Facebook, and Yahoo do.
Insurance Industry Response
- Insurance industry vendors are working to determine if they are affected, and if so, apply fixes.
- You may be receiving emails from your vendor(s) confirming this. If not, check with them before changing passwords.
What should YOU do?
- Check whether websites or services you use are safe.
- Review continually-updated lists. One is at GitHub: GitHub Heartbleed Masstest
- Test the sites you frequent using a Heartbleed testing service. The following are just two of many testing services:
  - McAfee – Free Heartbleed Checker Tool: http://tif.mcafee.com/heartbleedtest
  - Filippo Valsorda’s Tool: https://filippo.io/Heartbleed/
- Take steps to reset your passwords, but only once the provider has patched.
- Keep a close eye on your online transactions (credit card, bank account, and other financial statements).
Moving Forward
Heartbleed is also a clear reminder that you must have a strong ongoing ID/Password policy:
- Change your passwords on a regular basis – every 60 days is recommended.
- Do not use the same password on multiple sites.
- Use strong passwords – containing 8+ characters, including both upper and lower case letters, numbers, and special characters if allowed (“!”, “$”, etc.).
- Continue to be vigilant – Watch for more news on Heartbleed and viruses.
This overview contains summaries from an article created by Steve Anderson, hosted on his ‘Tech Tips’ website.