The past week has seen quite the shake-up in the internet world. A programming hole in the most popular server security protocol (dubbed “Heartbleed”) was discovered that would allow attackers to capture your passwords and forge your login – which means they could log in as you to any of your secure sites. While a patch for this bug was released last week, many sites are still in the process of getting the fix in place, and most are taking extra steps to review all aspects of their security. This bug has been there for two years – and its damage has yet to be fully realized.
Yahoo, Google (including gmail), Dropbox, Box, Pinterest, Creative Commons, Instagram, GoDaddy, Flickr, Netflix, YouTube and many others were affected. None of the major banks or credit cards were affected directly, but if someone could get into your account on any affected service, they could make purchases or gather information to help them breach your accounts. You should take the time to review all your accounts and email for any strange activity, and report it to the site’s customer service ASAP. So far, no one in our circle has reported being affected, but that’s not proof against attack.
Having the same password for every site you interact with may be convenient, but it poses a huge potential risk if any one site’s data gets breached. We recommend changing your passwords on all accounts THIS WEEK, rethinking your password policy so that you have a unique password for every site you have an account on, and changing them every so often.
While this sounds daunting, there are programs that can streamline the process, such as 1Password for Mac, which works very well, as well as manual methods of keeping track. Just don’t keep a Word document on your desktop called “Passwords and Banking info”…
While we are on the subject, even though Macs historically have been mostly immune to virus and malware attacks, we’ve been recommending to everyone to get the great “donationware” ClamXav – the same software Apple uses on their server software. I run it on my Mac – you should run it on yours. There are some details to getting it configured correctly so it automatically updates itself and scans your home folder, so if you need assistance with it – let us know and we’ll take care of it, and give your system a once-over while we are at it.
So what does this mean in the short and long term? NOTHING in the “Cloud” is truly safe. Ever. We get the perception of security, and for the most part it works, but unlike making sure you know where your checkbook and wallet are at all times, the information you give to any company you buy from on the web can be breached from the outside or even stolen by the employees who work there! As a programmer, and knowing the people at Apple, Adobe and Microsoft that I do, I know best efforts are being made to solve these sorts of issues before they occur. Sadly, people are the variable here, and good or bad, we should know that it’s our own vigilance that keeps us protected, or at least minimizes the damage from our critical data being used against us.
Sorry for the downer tone, but we deal in reality, and sometimes it’s not as pretty as we’d like it to be.
Please send a link of this to anyone in your circle who could benefit from the information.