!!

Welcome Guest

You are viewing this forum as a guest therefore You are Not Allowed to Post and Reply and You are not allowed to view links. Register or Login

collapse

* Search


* Recent Replies

I need help on my seo title and description by [Not Shown, Login to View]
[Jul 15, 2017]


Paypal and Gtb problem by [Not Shown, Login to View]
[Jul 15, 2017]


http versus https by [Not Shown, Login to View]
[Jul 07, 2017]


Identity Verification On amzon Associates account by [Not Shown, Login to View]
[Jul 06, 2017]


site to test my domain name by [Not Shown, Login to View]
[Jul 01, 2017]


how soon by [Not Shown, Login to View]
[Jun 24, 2017]


How to Apply for Payoneer Card and US Payment Service to Receive Amazon & others by [Not Shown, Login to View]
[Jun 19, 2017]


How to Withdraw from Paypal in Nigeria Using Payoneer Card by [Not Shown, Login to View]
[Jun 12, 2017]


linking a post to an external link by [Not Shown, Login to View]
[Jun 10, 2017]


Building with WordPress by [Not Shown, Login to View]
[Jun 09, 2017]


Payoneer card by [Not Shown, Login to View]
[Jun 08, 2017]


Create a blog by [Not Shown, Login to View]
[Jun 07, 2017]


Help on how to send bulk emails by [Not Shown, Login to View]
[Jun 04, 2017]


Facebook advert by [Not Shown, Login to View]
[May 31, 2017]


Hello sir by [Not Shown, Login to View]
[May 31, 2017]


Website Showcase - Drop Your Website Link(s) Here by [Not Shown, Login to View]
[May 28, 2017]


Is Hostnownow.com a reliable company for hosting and domain name registrstion? by [Not Shown, Login to View]
[May 28, 2017]


Practicing NVU by [Not Shown, Login to View]
[May 27, 2017]


Good Day by [Not Shown, Login to View]
[May 24, 2017]


changing domain name by [Not Shown, Login to View]
[May 13, 2017]


No place like home by [Not Shown, Login to View]
[May 13, 2017]


Google AdSense by [Not Shown, Login to View]
[May 09, 2017]


How To Change Dot blogspot to Dot com by [Not Shown, Login to View]
[May 08, 2017]


Meta Tag Error - The element type "meta" must be terminated by the matching end- by [Not Shown, Login to View]
[May 07, 2017]


Site for soccer news by [Not Shown, Login to View]
[May 04, 2017]


How do I know if my new blog is Live? by [Not Shown, Login to View]
[May 04, 2017]


Linking a web page to http://www.ng.com by [Not Shown, Login to View]
[May 03, 2017]


How Can I Set-up social network on my blog website? by [Not Shown, Login to View]
[Apr 24, 2017]


How to register and link my blog to Adsense by [Not Shown, Login to View]
[Apr 23, 2017]


fiverr backlinks by [Not Shown, Login to View]
[Apr 18, 2017]

Author Topic: New Security Flaw Causes Panic On the Internet - Change Your Passwords  (Read 871 times)

0 Members and 1 Guest are viewing this topic.

Offline [Not Shown, Login to View]

  • Administrator
  • Level: Mentor
  • ******
  • Posts: 259597
  • Respect: +7996
  • Gender: Male
  • Location: Benin City
  • 18th Chamber
  • My Rank: 82
Security researchers have uncovered a fatal flaw in a key safety feature for surfing the Web -- the one that keeps your email, banking, shopping, passwords and communications private.

Here's what you need to know.


What is it?

It's called the Heartbleed bug, and it is essentially an information leak.

It starts with a hole in the software that the vast majority of websites on the Internet use to turn your personal information into strings of random numbers and letters. If you see a padlock image in the address bar, there's a good chance that site is using the encryption software that was impacted by the Heartbleed bug.

"It's probably the worst bug the Internet has ever seen," said Matthew Prince, CEO of website-protecting service CloudFlare. "If a week from now we hear criminals spoofed a massive number of accounts at financial institutions, it won't surprise me."


What does it do?

For more than two years now, Heartbleed has allowed outsiders to peek into the personal information that was supposed to be protected from snoopers.

The bug allows potential hackers to take advantage of a feature that computers use to see if they're still online, known as a "heartbeat extension." But a malicious heartbeat signal could force a computer to divulge secret information stored in its memory.

At the very least, Heartbleed exposes your usernames and passwords. It also compromises the session keys that keep you logged into a website, allowing an outsider to pose as you -- no passwords required. And it allows attackers to pose as a real website and dupe you into giving up your personal details.

Making matters worse, the Heartbleed bug leaves no traces -- you may never know when or if you've been hacked.

"You could watch traffic go back and forth," said Wayne Jackson III, CEO of open source software company Sonatype. "This is a big deal. When you think about the consequences of having visibility into Amazon and Yahoo, that's pretty scary."


Who does this affect?

Most major websites are targets, because they rely on this program. A survey conducted by W3Techs show that 81% of sites run on web server programs Apache and Nginx, and both are vulnerable to the Heartbleed bug.

Many popular sites, including Amazon (AMZN, Fortune 500), Google (GOOG, Fortune 500), Yahoo (YHOO, Fortune 500) and OKCupid, use those encryption tools. Those four sites have updated their websites with a fix for the bug, but many others have not patched their sites yet.


What can I do?

Log out of all websites: email, social media, banking -- everything. But beyond that, it's a waiting game. The websites themselves need to update to a new version of the encryption software to fix the bug. That's why changing all your passwords right away isn't a good idea. Websites are all racing to fix the issue, and if you act too quickly, you might change your password on a site that is still vulnerable.

Italian cryptographer Filippo Valsorda launched the "Heartbleed Test," which purports to tell you if websites are still compromised.

Passomatic, a startup that lets you change several passwords at once, said all its partners have made the fix. Among them are eBay (EBAY, Fortune 500), Expedia (EXPE), Facebook (FB, Fortune 500), Hulu, Instagram, Netflix (NFLX), Reddit, Wikipedia and Yelp (YELP).


How quickly will this be fixed?

Undoing the damage that has potentially already been done won't be easy. Websites are patching the hole, but the job won't be complete until all websites purge all the old keys they've been using to encrypt data.

That means hackers and and potential government spies who were secretly aware of this flaw would have gotten access to special keys they can use repeatedly until a website revokes them. And there's where it gets complicated. CloudFlare's Prince said the encryption system was never meant to dispose lots of keys at once.

"There will be servers that still have this for years," he said.

Source: You are not allowed to view links. Register or Login


Leave it for God, don't worry yourself. Leave it for God, don't cry no more.

Offline [Not Shown, Login to View]

  • Forum Guide
  • Level 4 (Dedicated)
  • ******
  • Posts: 1056
  • Respect: +267
  • Gender: Male
  • Location: Ibadan, Oyo State of Nigeria
  • 1st Chamber
  • My Rank: 86
@ Boss Tony - Thanks for the useful and educative information.

Best regards,

Aare MacFally
Knowledge Is Power – Seek For It

Offline [Not Shown, Login to View]

  • Level 3 (Regular)
  • ***
  • Posts: 216
  • Respect: +28
  • Gender: Male
  • Location: abuja
  • My Rank: 22
thanks boss for the information.
moving to greater height

Offline [Not Shown, Login to View]

  • Level 3 (Regular)
  • ***
  • Posts: 216
  • Respect: +28
  • Gender: Male
  • Location: abuja
  • My Rank: 22
How to protect yourself from the'Heartbleed' bug
« Reply #3 on: Apr 14, 2014 »
0
A major new security vulnerability dubbed
Heartbleed was disclosed Monday night with
severe implications for the entire Web. The bug
can scrape a server's memory, where sensitive
user data is stored, including private data such as
usernames, passwords, and credit card numbers.
It's an extremely serious issue, affecting some
500,000 Web sites, according to Netcraft, an
Internet research firm. Here's what you can do to
make sure your information is protected, according
to security experts contacted by CNET:
Do not log into accounts from afflicted sites until
you're sure the company has patched the problem.
If the company hasn't been forthcoming --
confirming a fix or keeping you up to date with
progress -- reach out to its customer service
teams for information, said John Miller, security
research manager for TrustWave, a security and
compliance firm.
Some Web sites that appeared to have been
affected included Yahoo and OKCupid, though the
companies have said their sites are all or partly
fixed. though caution is still
advised even if the site gives you an "all clear"
indication. If you're given a red flag, avoid the site
for now.
The natural response might be to want to change
passwords immediately, but security experts
suggest waiting for confirmation of a fix because
further activity on a vulnerable site could
exacerbate the problem.
Once you've got confirmation of a security patch,
change passwords of sensitive accounts like
banks and email first. Even if you've implemented
two-factor authentication -- which, in addition to a
password asks for another piece of identifying
information, like a code that's been texted to you
-- changing that password is recommended.
Don't be shy about reaching out to small
businesses that have your data to make sure they
are secure. While the high-profile companies like
Yahoo and Imgur certainly know about the
problem, small businesses might not even be
aware of it, said TrustWave's Miller. Be proactive
about making sure your information is safe.
Keep a close eye on financial statements for the
next few days. Because attackers can access a
server's memory for credit card information, it
wouldn't hurt to be on the lookout for unfamiliar
charges on your bank statements.
Even after following these guidelines, there is still
some riskiness in surfing the Web in the wake of
the bug. Heartbleed is even said to affect browser
cookies, which track users' activity on a site, so
even visiting a vulnerable site without logging in
could be unsafe. The Tor Project, which stresses
anonymity and privacy, wrote in a blog post that
users with those needs "might want to stay away
from the Internet entirely for the next few days
while things settle."
moving to greater height

Offline [Not Shown, Login to View]

  • Level 3 (Regular)
  • ***
  • Posts: 114
  • Respect: +15
  • Gender: Male
  • Location: Lagos
  • 1st chamber
  • My Rank: 6
    • Focus-Tiens
Boss you are too much ooo. Thanks for the information
FREE bulk SMS @ You are not allowed to view links. Register or Login

Offline [Not Shown, Login to View]

  • Forum Guide
  • Level 3 (Regular)
  • ******
  • Posts: 271
  • Respect: +85
  • Gender: Female
  • Location: Abuja
  • Going on Gods Speed
  • My Rank: 48
Thanks Boss, actually saw this in the news few days ago, didn't know it's this serious. Well, let's hope all major websites and especially our financial institutions are able to upgrade to avert unexpected or expected loss.
You are not allowed to view links. Register or Login

Offline [Not Shown, Login to View]

  • Forum Guide
  • Level 4 (Dedicated)
  • ******
  • Posts: 1056
  • Respect: +267
  • Gender: Male
  • Location: Ibadan, Oyo State of Nigeria
  • 1st Chamber
  • My Rank: 86
"More Information On Heartbleed"

Subject: Security Alert: Information on Heartbleed

"Norton by Symantec
 Protecting the Stuff that matters.™

You’ve likely heard of Heartbleed over the past week. We wanted to share a bit about what it is, steps we have taken to protect our customers and steps you can take to protect yourself across the Web.

Some versions of Norton AntiVirus, Norton Internet Security and Norton 360 were impacted. On April 10th, we distributed updates to these impacted products to stop and block Heartbleed. Norton Accounts used to sign into Norton.com were not impacted. Please refer to our FAQ for more information on how we’re defending against this vulnerability.

Why Heartbleed affects everyone on the Internet

Heartbleed is a bug in some versions of OpenSSL, a set of software tools used widely across the Web for security. This bug may reveal your name, passwords and other private information.

If you visited a website that uses a vulnerable version of OpenSSL during the last two years, your personal information may be compromised. You can use this tool: You are not allowed to view links. Register or Login to check if a particular website is currently impacted.

How to protect yourself

Due of the complex nature of this vulnerability, changing your passwords before sites update their version of OpenSSL won’t fully protect you. Here are some simple steps you can take as a precaution:

•   Change your passwords on any website that contains sensitive information about you. You should first confirm that the site does not contain the Heartbleed vulnerability by using this tool.
•   If you’ve reused passwords on multiple sites, it’s especially important to change them. To change your Norton Account password, visit manage.norton.com and click Account Information.
•   Beware of phishing emails and type website addresses directly in your browser instead of clicking on a link through an email.
•   Monitor your bank and credit card accounts for unusual activity.

It may take an extended period of time for all the sites affected by Heartbleed to fix this vulnerability. To determine if a website is vulnerable to Heartbleed using this tool. We recommend you only exchange personal or sensitive information such as your credit card number if the site is not affected by Heartbleed.

You can learn more about Heartbleed and its impact to consumers by checking out our FAQ or by following the Norton Protection Blog.

Stay Safe Online

Norton

Norton Support     Legal Information     Privacy Policy
Copyright © 2014 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, and Norton are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries.

Symantec Corporation, 350 Ellis St., Mountain View, CA 94043, USA
Knowledge Is Power – Seek For It

Offline [Not Shown, Login to View]

  • Level 3 (Regular)
  • ***
  • Posts: 216
  • Respect: +28
  • Gender: Male
  • Location: abuja
  • My Rank: 22
0
thanks macfally.
moving to greater height

 

Related Topics

  Subject / Started by Replies Last post
Security Tips

Started by [Not Shown, Login to View] Village Square (Under the Guava)

2 Replies
551 Views
Last post Apr 28, 2013
by [Not Shown, Login to View]
2 Replies
559 Views
Last post May 22, 2013
by [Not Shown, Login to View]
how to put security

Started by [Not Shown, Login to View] General Questions

3 Replies
470 Views
Last post Nov 23, 2013
by [Not Shown, Login to View]
0 Replies
261 Views
Last post Jul 31, 2014
by [Not Shown, Login to View]
1 Replies
369 Views
Last post Dec 30, 2014
by [Not Shown, Login to View]

TinyPortal © 2005-2011
SimplePortal 2.3.5 © 2008-2012, SimplePortal