Last week, a major internet security flaw, the Heartbleed bug, was detected. The bug allows hackers to steal personal information that is normally protected by OpenSSL encryption. OpenSSL provides security for Web applications, email, instant messaging and some virtual private networks. According to Internet security services provider Netcraft, about half a million trusted websites are vulnerable to the bug.
As a leading insurance agency for photographers, we make it our mission to best protect photographers’ equipment, accident liability, and in this case, private information! Take a minute to educate and protect yourself from the Heartbleed bug by considering the following:
Heartbleed Basics
The bug allows anyone on the Internet to read the memory of any application or website that uses a vulnerable version of OpenSSL. Hackers can exploit the vulnerability to steal proprietary data, including:
- Encryption keys, which can be used to decrypt protected information
- User credentials (username and password, etc.)
- Personal information, such as financial details, private emails or anything else worth encrypting
Are You Affected?
Chances are this affects you and/or your business in one way or another. We suggest you make this assumption and keep a close eye on email alerts from the websites you frequent. Website owners are already investigating the impact of the security flaw and notifying customers with status updates, including recommendations to change passwords.
OpenSSL is the most popular cryptographic library in use on the Internet, so it is likely that you use several websites that may have this vulnerability. Unfortunately, websites using the most current versions of OpenSSL (versions 1.0.1 through 1.0.1f) are the ones most likely to be at risk. Previous versions are not vulnerable.
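For anyone who runs their own website or server, the version range above can be checked against the banner printed by `openssl version` or shown in a web server header. The following is an added example, not part of the original article; the host names and inventory are constructed sample data, and the function names are hypothetical.

```python
import re

# Matches "OpenSSL 1.0.1e 11 Feb 2013" and "... OpenSSL/1.0.1e" style banners.
_BANNER = re.compile(r"OpenSSL[/ ](\d+)\.(\d+)\.(\d+)([a-z]*)")

def classify(banner):
    """Compare a version banner with the range stated in the article
    (1.0.1 through 1.0.1f). Returns "in-range", "out-of-range" or "unparsed".

    "in-range" means "check the installed package build", not "confirmed
    vulnerable": vendors can backport a fix without changing the letter.
    """
    m = _BANNER.search(banner)
    if not m:
        return "unparsed"
    version = tuple(int(g) for g in m.group(1, 2, 3))
    letter = m.group(4)  # empty string for the bare 1.0.1 release
    if version != (1, 0, 1):
        return "out-of-range"  # earlier releases, or branches the article does not list
    # "" sorts before "a", so bare 1.0.1 through 1.0.1f pass; "g" and later do not.
    return "in-range" if letter <= "f" else "out-of-range"

def hosts_to_review(inventory):
    """Hosts whose banner is in range, or could not be parsed at all."""
    return [host for host, banner in inventory
            if classify(banner) != "out-of-range"]

# Constructed sample inventory: (host, banner as collected).
INVENTORY = [
    ("web01.example", "OpenSSL 1.0.1e 11 Feb 2013"),
    ("web02.example", "Apache/2.2.22 (Unix) OpenSSL/1.0.1g"),
    ("mail01.example", "OpenSSL 0.9.8y 5 Feb 2013"),
    ("vpn01.example", "OpenSSL 1.0.1 14 Mar 2012"),
    ("legacy.example", "OpenSSL 1.0.0l 6 Jan 2014"),
    ("edge01.example", "nginx"),
]

if __name__ == "__main__":
    for host in hosts_to_review(INVENTORY):
        print("review:", host)
```

A host that hides its version is listed for review as well, since an unparsed banner says nothing either way.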
CNET has compiled a list of the top 100 most used sites with recommendations on whether or not you should change your passwords.
- Among the list of vulnerable sites? Facebook, Instagram, Pinterest, Tumblr, Google/Gmail, Yahoo, GoDaddy, Netflix, YouTube, Soundcloud, USAA, Dropbox, WordPress, etc.