heartbleed passwords

Millions of Devices With Android Version 4.1.1 “Jellybean” Vulnerable to Heartbleed

We know by now that many popular sites were recently affected by the Heartbleed bug vulnerability, but according to an announcement by Google on April 9, 2014, devices running Android 4.1.1 (aka “Jellybean”) are not immune to the vulnerability. According to Christopher Katsaros, spokesperson for Google, there are millions of Android 4.1.1 devices.

The affected version was released in 2012 and is estimated to be running on more than a third of Android devices, according to Android.

Verizon spokesperson Albert Aydin reported in an email that “other mobile operating systems we offer are not affected by this vulnerability” and they have “no reason to believe that the issue has resulted in any compromise of Verizon customer accounts, websites, or data.”

Microsoft Corp. has reported that Windows and Windows Phone operating systems and most services are not impacted by Heartbleed.

How to Check Your Device

Go to Settings -> About Phone to confirm your version and check for updates. An app is also available to scan your device for the vulnerability.

According to Google’s announcement, “patching information for Android 4.1.1 is being distributed to Android partners.” While Google has provided a patch, it is up to handset makers and wireless carriers to update the devices.

Yahoo: Heartbleed Bug Patched

Yahoo was one of the sites affected by the Heartbleed bug discovered earlier this month. In an article posted in Yahoo Help Central, and last updated on April 11, 2014, they report their “team has successfully made the appropriate corrections across our entire platform.”

While they did not suggest users change their passwords as an added security measure and they do not mention whether or not a security breach was detected, they include a link with instructions on changing passwords below the article for those concerned about security.

An article posted in Yahoo Help Central claims the Heartbleed bug was patched, but users may want to change their passwords for added security.

Several other sites, including Pinterest and Tumblr, contacted users by email to notify them of the vulnerability and suggested users change their passwords as an added security measure. It is unclear whether Yahoo contacted any users regarding the vulnerability; however, as with all other affected sites, it is a good idea to change your passwords to maintain account security.

Dropbox: Heartbleed Bug Patched, Change Your Password

Dropbox was one of the sites affected by the Heartbleed vulnerability reported last week. According to the site, the vulnerability was patched within hours of notification, and while they report accounts are safe, they recommend changing passwords for added protection.

DropBox has reported that the Heartbleed vulnerability is patched, recommends changing passwords

Box reports they “have found no evidence of breaches or attacks during the time the vulnerability was live for Box users” and that they “recommend that users reset their Box passwords as an additional security measure.”

For more information, check out their blog.

Pinterest: “Some Pinners” Were Asked to Change Passwords as a Precaution

In regard to the recent Heartbleed bug discovery, I’ve received notifications from some sites, such as Tumblr and Pinterest, about changing my password; however, according to a post in Pinterest help, not all users may have received this email.

A message posted in Pinterest help briefly discusses the impact of the Heartbleed bug.

Part of the message reads: “We were quick to fix the issue on pinterest.com, and didn’t find any evidence of mischief on Pinner accounts as a result. We did ask some Pinners to change their passwords, just to be extra careful.”

As a precaution, even if you did not receive an email suggesting you change your password, it’s a really good idea to do so anyway and to change all your passwords frequently to protect all your accounts. If you have trouble keeping track of your passwords, try the free LastPass app.

If You Think Your Pinterest Account Has Been Compromised

Pinterest offers several suggestions if your account may have been compromised:

1. You’re seeing boards or Pins you didn’t add – change your password. If pins/boards were added, you can delete them when you’re logged in; however, if pins/boards were deleted, Pinterest cannot get them back for you.

2. You got an email about a change you didn’t make – lock your account using the link in the email they sent. This will protect your account until you are able to change your password.

3. Your account is in safe mode – if suspicious activity is detected on your Pinterest account, they will place your account into safe mode to protect your pins and prevent any changes from being made to your account. An email will be sent to you requesting you to change your password to get out of safe mode.

Password Safety

Pinterest and most other sites will never contact you for your password, so always be extremely cautious if anyone requests your password for any site via email or phone, especially if you did not make the phone call.

If you are ever unsure of the legitimacy of an email:

  • Do not open any attachments, especially if they end in .exe – that extension marks a program, and opening it can run and install software on your computer
  • Don’t click on any links in the email; instead go directly to the site by typing in the url yourself
  • Check the email address of the sender in the header – if it is not from the company it says it’s from, don’t trust it. (e.g. in my spam box right now is an email supposedly from AT&T, but the email address is ___@ausoniusnamechild.com – don’t go to that link, it’s probably a phishing site; had it really been from AT&T, the domain would include att.com)
  • If you receive an email that you believe is a scam or phishing, report it here
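
The sender-domain check from the list above, as an added example that is not part of the original post. It accepts only the expected domain or a subdomain of it, because a look-alike domain can contain the company's name; the function names, the `placeholder` local parts and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def sender_domain(raw_message):
    """Domain of the From: address, lowercased; '' if there is none."""
    msg = message_from_string(raw_message)
    _display_name, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def domain_matches(domain, expected):
    """True for the expected domain itself or a subdomain of it.
    A substring test is not enough: 'att.com.example.net' and 'notatt.com'
    both contain 'att.com' without belonging to it."""
    expected = expected.lower()
    return domain == expected or domain.endswith("." + expected)

def check_sender(raw_message, expected):
    """Return 'match', 'mismatch' or 'no-sender'. The From: header can be
    forged, so a match proves nothing alone; a mismatch is the useful signal."""
    domain = sender_domain(raw_message)
    if not domain:
        return "no-sender"
    return "match" if domain_matches(domain, expected) else "mismatch"

def make_message(from_value):
    # Constructed sample message; subject and body are placeholders.
    return f"From: {from_value}\nSubject: Your bill is ready\n\nbody\n"

# Constructed From: values. The first uses the domain quoted in the post.
SAMPLES = {
    "domain from the post": '"AT&T" <placeholder@ausoniusnamechild.com>',
    "name used as a prefix": '"AT&T" <placeholder@att.com.example.net>',
    "name used as a suffix": "placeholder@notatt.com",
    "address in display name": '"support@att.com" <placeholder@example.org>',
    "real subdomain": '"AT&T" <placeholder@mail.att.com>',
}

if __name__ == "__main__":
    for label, from_value in SAMPLES.items():
        print(f"{label:24} {check_sender(make_message(from_value), 'att.com')}")
```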

Free App Stores Passwords, Guards Users From Heartbleed Threats

News of the recent Heartbleed bug threat is barely a week old and it’s amazing what actions have already been taken to protect consumers against the vulnerability. The biggest questions right now are:

  1. Were the sites I use affected? (check here)
  2. Should I change my password now? (check here)

Many of us felt helpless because while we were told to change our passwords, we were also told that it wouldn’t make any difference if the sites hadn’t patched the vulnerability. The good news is that most sites quickly worked to patch the vulnerability and make the site secure again, so changing your passwords is a great idea now, even if the site in question was not reported as being affected by Heartbleed.

Free LastPass App Provides Security & Warnings

LastPass is a free app that provides complete, secure password storage. It goes beyond just storing passwords by helping you create secure ones, and it also informs you of potential or actual security breaches to help protect your accounts. I recently signed up and was immediately notified of security breaches in my Google accounts that I was able to fix easily.

It installs to your browser (mine’s been working great in Chrome) and you can also download a desktop launcher for easy access.

LastPass app informs users of security breaches

Additionally, LastPass shows which of the sites I use were affected by the Heartbleed bug and whether my account is secure or not.

LastPass checks sites you use for the Heartbleed vulnerability and checks to see if your account is safe.

LastPass is a great option for those who are unsure of whether their passwords are strong as well as those who have trouble remembering all of their passwords.

Recommendations

  • Change your passwords frequently (every 60-90 days)
  • Use different passwords for different sites rather than the same password for multiple sites
  • Include upper & lowercase letters, as well as numbers and symbols in your passwords
  • Avoid passwords like these
  • If you have trouble remembering passwords, use numbers or symbols in lieu of letters, e.g. p@$$w0rd instead of password