Heartbleed for the average user and server owner

EQ Admin

EQ Forum Admin
Staff member
Hello,

By now you have probably heard about the Heartbleed vulnerability. Many sites on the internet, including email services and social networks, are working to upgrade their networks and systems with patches for Heartbleed. Mostly it is web sites that use https:// and email services that require you to use secure SSL ports that are affected.

What's the problem?

In a nutshell, there is a security problem that makes it possible for an attacker to have compromised data, including your usernames and passwords, across many web sites.

A detailed description is available at Heartbleed Bug. An easy-to-understand comic is here.

What can I do?

In addition to changing your passwords, this is a great time to enable 2 factor authentication for all of your accounts that support it. The direct impact to your account security is far less when your password is compromised if you have 2 factor authentication enabled. The following are links for enabling 2 factor authentication, also commonly referred to as 2FA or 2-step logins.

http://www.emailquestions.com/gmail/3509-setup-gmail-2-step-verification.html

http://www.emailquestions.com/yahoo...yahoo-mail-turn-second-sign-verification.html

http://www.emailquestions.com/hotma...uthentication-login-verification-hotmail.html

Not every mail program and device supports 2FA. Some mail programs and devices, such as an Xbox, require that you create a special application password to use after you enable 2FA for your login accounts. If you cannot log in to your account after enabling 2 factor authentication, first check to see if 2FA is supported on the device, and if not, create an application password for that device.

Please also enable 2FA on your social media accounts, such as Facebook and Twitter.

If you are a server owner, such as someone operating your own dedicated server, you should immediately update OpenSSL with your system's update command, for example "sudo yum update".

To test the SSL security of a web site, please use this SSL server test.

Everyone should be on the lookout for phishing emails.

  • Do not reply to emails asking for your personal or account information.
  • Do not click links asking you to confirm your account information or login details.
  • Do not call phone numbers asking for your information.

Only use customer service phone numbers listed on a trusted web site's contact page.

To reset a password, go to the web site's main page and access your account features, such as password resets, directly from the service's web site.
 