This is the latest news on HEARTBLEED, being sent out by network managers.

You may have already heard about this new vulnerability in the news. This
is serious. This is not a virus. This does not attack your personal
computer like a virus/trojan/worm/malware etc would. This is a
vulnerability which exists in some versions of OpenSSL which is used on
many public websites that hold your personal information. It is STRONGLY
RECOMMENDED that you change your password on all personal websites that you
have an account on. This includes email accounts, banking accounts, and
credit card accounts. You should change your passwords only AFTER first
checking to see if the site has been patched. If you google "heartbleed"
you'll find a ton of information about this vulnerability.

It is a terrible idea to use the same password on all of your accounts.
Consider creating an algorithm (a set of rules) that only you know and
apply that formula to create passwords that are cryptic but easy for you to
remember on any website. Incorporate the website name or a nickname for the
website into the password while using the algorithm you create. Nicknames
may be useful if the website has a long name and they have a restriction on
the length. For instance, sportsauthority is pretty long so you might want
to remember sports instead. Also come up with a 5 or 6 character "base
password" which is common to all passwords. Many websites require your
password to be at least 8 characters long and some have a limit of 15. Some
will require special characters, some not.

For example, if your set of rules is this:

  All O's are zeros
  All S's are $'s
  All I's are 1's
  The first letter and the last letter of all passwords will be
    capitalized (unless the letter is an O, an S or an I, per the above
    rules)
  Your base password is this: abc!@# (this is simply abc and shift-123;
    don't use this one as your base password), and it will be inserted
    into the password after the first 2 letters of the website name

Then your gmail password would be: Gmabc!@#ma1L
Yahoo password would be: Yaabc!@#h00
Amazon would be: Amabc!@#az0N
Sears would be: $eabc!@#ar$
Ebay would be: Ebabc!@#aY
etc, etc

It's not very difficult if you make a set of rules and stick to them when
creating any password online. Your base password should include some
special characters because some websites require them and if you don't use
a special character in your base password, the password could possibly not
contain one because the website name didn't include any letters that
convert to special characters (like the letter S ($) in the example above).
So if your base password was "tiger" then the Ebay password would have been
EbtigeraY. And that isn't too strong and if Ebay required a special
character in the password, your algorithm wouldn't suffice. Now you'd have
to deviate from the algorithm just for Ebay (and possibly others) or you'd
have to come up with a new algorithm. So it's best to include at least one
special character in your base password.
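
The example rule set above, written out as a short Python script. This is
an added example, not part of the original notice; the function names and
the policy defaults (8 to 15 characters, one special character) are
assumptions based on the limits mentioned earlier. It shows why the "tiger"
base fails a special-character rule and why a nickname helps with a long
site name.

```python
import string

# Letter substitutions from the example rules above (O -> 0, S -> $, I -> 1).
SUBSTITUTIONS = {"o": "0", "s": "$", "i": "1"}


def derive(site, base):
    """Apply the example rule set to a website name or nickname."""
    name = site.lower()
    if not name:
        raise ValueError("site name must not be empty")
    chars = [SUBSTITUTIONS.get(c, c) for c in name]
    # Capitalize the first and last letters. Substituted characters are
    # digits or symbols, so upper() leaves them unchanged.
    chars[0] = chars[0].upper()
    chars[-1] = chars[-1].upper()
    # The base password is inserted unchanged after the first 2 letters.
    return "".join(chars[:2]) + base + "".join(chars[2:])


def policy_problems(password, min_len=8, max_len=15, need_special=True):
    """Return the reasons a site with these (assumed) rules would reject it."""
    problems = []
    if len(password) < min_len:
        problems.append("too short")
    if len(password) > max_len:
        problems.append("too long")
    if need_special and not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: (site or nickname, base password).
    samples = [("yahoo", "abc!@#"), ("ebay", "tiger"),
               ("sportsauthority", "abc!@#"), ("sports", "abc!@#")]
    for site, base in samples:
        pw = derive(site, base)
        print(f"{site:16} {pw:22} {policy_problems(pw) or 'ok'}")
```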

Here are a few links to get you started.

From the Security Operations Center at the AO:
http://soc.ao.dcn/documents/20140410_Heartbleed_TLP-WHITE.pdf

These articles explain the vulnerability pretty well and include links to
sites where you can type in the URL of the website where you have an
account and see if it is patched. If the website has not been patched yet,
you shouldn't change your password on it until it has been.
http://www.forbes.com/sites/jameslyne/2014/04/10/avoiding-heartbleed-hype-what-to-do-to-stay-safe/
http://www.cnet.com/news/how-to-protect-yourself-from-the-heartbleed-bug/

This site lists the top 100 websites and their current status. Many of the
websites on this list are websites you may have an account with. Change
your password on these accounts as well if they show as being patched.
http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/