heartbleed sites

Yahoo: Heartbleed Bug Patched

Yahoo was one of the sites affected by the Heartbleed bug discovered earlier this month. In an article posted in Yahoo Help Central, and last updated on April 11, 2014, they report their “team has successfully made the appropriate corrections across our entire platform.”

While they did not suggest users change their passwords as an added security measure, and they do not mention whether or not a security breach was detected, they include a link with instructions on changing passwords below the article for those concerned about security.

An article posted in Yahoo Help Central claims the Heartbleed bug was patched, but users may want to change their passwords for added security.

Several other sites, including Pinterest and Tumblr, contacted users by email to notify them of the vulnerability and suggested users change their passwords as an added security measure. It is unclear whether Yahoo contacted any users regarding the vulnerability; however, as with all other affected sites, it is a good idea to change your passwords to help keep your account secure.

Dropbox: Heartbleed Bug Patched, Change Your Password

Dropbox was one of the sites affected by the Heartbleed bug vulnerability reported last week. According to the site, the vulnerability was patched within hours of notification, and while they report accounts are safe, they recommend changing passwords for added protection.

Dropbox has reported that the Heartbleed vulnerability is patched and recommends changing passwords.

Box reports they “have found no evidence of breaches or attacks during the time the vulnerability was live for Box users” and that they “recommend that users reset their Box passwords as an additional security measure.”

For more information, check out their blog.

Pinterest: “Some Pinners” Were Asked to Change Passwords as a Precaution

In regard to the recent Heartbleed bug discovery, I’ve received notifications from some sites, such as Tumblr and Pinterest, about changing my password; however, according to a post in Pinterest help, not all users may have received this email.

A message posted in Pinterest help briefly discusses the impact of the Heartbleed bug.

Part of the message reads: “We were quick to fix the issue on pinterest.com, and didn’t find any evidence of mischief on Pinner accounts as a result. We did ask some Pinners to change their passwords, just to be extra careful.”

As a precaution, even if you did not receive an email suggesting you change your password, it’s a really good idea to do so anyway and to change all your passwords frequently to protect all your accounts. If you have trouble keeping track of your passwords, try the free LastPass app.

If You Think Your Pinterest Account Has Been Compromised

Pinterest offers several suggestions if your account may have been compromised:

1. You’re seeing boards or Pins you didn’t add – change your password. If pins/boards were added, you can delete them when you’re logged in; however, if pins/boards were deleted, Pinterest cannot get them back for you.

2. You got an email about a change you didn’t make – lock your account using the link in the email they sent. This will protect your account until you are able to change your password.

3. Your account is in safe mode – if suspicious activity is detected on your Pinterest account, they will place your account into safe mode to protect your pins and prevent any changes from being made to your account. An email will be sent to you requesting you to change your password to get out of safe mode.

Password Safety

Pinterest and most other sites will never contact you for your password, so always be extremely cautious if anyone requests your password for any site via email or phone, especially if you did not make the phone call.

If you are ever unsure of the legitimacy of an email:

  • Do not open any attachments, especially if they end in .exe – that extension is used for software installation and clicking on the program can install it on your computer
  • Don’t click on any links in the email; instead go directly to the site by typing in the url yourself
  • Check the email address of the sender in the header – if it is not from the company it says it’s from, don’t trust it. (i.e. in my spam box right now is an email supposedly from AT&T, but the email address is ___@ausoniusnamechild.com – don’t go to that link, it’s probably a phishing site; had it really been from AT&T, the domain would include att.com)
  • If you receive an email that you believe is a scam or phishing, report it here
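The sender check from the list above, as an added example (not part of the original article): it reads the From: header, ignores the free-text display name, and accepts only the company's domain or a true subdomain of it. The sample messages and every address in them are constructed; only att.com comes from the text.

```python
from email import message_from_string
from email.utils import parseaddr

def sender_domain(raw_message: str) -> str:
    """Domain of the From: address, lower-cased; '' if there is no usable address."""
    msg = message_from_string(raw_message)
    # parseaddr separates the free-text display name from the real address.
    _display_name, address = parseaddr(str(msg.get("From", "")))
    if "@" not in address:
        return ""
    # Only the part after the last '@' is the domain.
    return address.rpartition("@")[2].lower().rstrip(".")

def is_from_company(raw_message: str, company_domain: str) -> bool:
    """True only if the sender's domain is company_domain or a subdomain of it."""
    domain = sender_domain(raw_message)
    company = company_domain.lower()
    # Exact match or a dot-separated suffix; a plain substring test would
    # wrongly accept a lookalike such as "att.com.example.net".
    return domain == company or domain.endswith("." + company)

# Constructed sample messages (not real mail).
SAMPLES = {
    "company domain": 'From: "AT&T" <billing@att.com>\nSubject: Bill\n\nbody',
    "company subdomain": 'From: "AT&T" <notice@mail.att.com>\nSubject: Bill\n\nbody',
    "unrelated domain": 'From: "AT&T" <notice@example.net>\nSubject: Bill\n\nbody',
    "name shows att.com": 'From: "AT&T support@att.com" <notice@example.net>\n\nbody',
    "lookalike suffix": 'From: "AT&T" <notice@att.com.example.net>\n\nbody',
    "no sender at all": 'Subject: Bill\n\nbody',
}

def check_samples() -> dict:
    """Run every constructed sample against the domain named in the text."""
    return {label: is_from_company(raw, "att.com") for label, raw in SAMPLES.items()}

if __name__ == "__main__":
    for label, trusted in check_samples().items():
        print(f"{label:20} {'matches att.com' if trusted else 'do not trust'}")
```

A mismatch is enough to distrust the message; a match alone does not prove it is genuine, because the From: header can be forged.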

Free App Stores Passwords, Guards Users From Heartbleed Threats

News of the recent Heartbleed bug threat is barely a week old and it’s amazing what actions have already been taken to protect consumers against the vulnerability. The biggest questions right now are:

  1. Were the sites I use affected? (check here)
  2. Should I change my password now? (check here)

Many of us felt helpless because while we were told to change our passwords, at the same time we were told that wouldn’t make any difference if the sites hadn’t patched the vulnerability. The good news is most sites quickly worked to patch the vulnerability and make the site secure again, so changing your passwords is a great idea now, even if the site in question was not reported as being affected by Heartbleed.

Free LastPass App Provides Security & Warnings

LastPass is a free app that provides complete, secure password storage. It goes beyond just storing passwords by helping you create secure ones, and it also informs users of potential or actual security breaches to help protect their accounts. I recently signed up and immediately was notified of security breaches in my Google accounts that I was able to fix easily.

It installs to your browser (mine’s been working great in Chrome) and you can also download a desktop launcher for easy access.

LastPass app informs users of security breaches

Additionally, LastPass shows which of the sites I use were affected by the Heartbleed bug and whether my account is secure or not.

LastPass checks sites you use for the Heartbleed vulnerability and checks to see if your account is safe.

LastPass is a great option for those who are unsure of whether their passwords are strong as well as those who have trouble remembering all of their passwords.

Recommendations

  • Change your passwords frequently (every 60-90 days)
  • Use different passwords for different sites rather than the same password for multiple sites
  • Include upper & lowercase letters, as well as numbers and symbols, in your passwords
  • Avoid passwords like these
  • If you have trouble remembering passwords, use numbers or symbols in lieu of letters, i.e. p@$$w0rd instead of password

Pinterest: Heartbleed Bug Patched, Change Your Password

Pinterest has joined other websites in updating users regarding potential Heartbleed bug security issues in an email sent to users today. They report no suspicious activity has been detected and the problem has been patched; however, they urge users to change their passwords as an added security step.

An email to Pinterest users today informed that the Heartbleed bug has been patched and while there is no indication of unusual account activity, it is suggested that users change their passwords.

Earlier this week, it was reported that a massive security flaw had been discovered in encryption software used by nearly 70% of websites. Although the discovery was made just this week, it has been reported that this issue has existed for more than two years, leaving presumed secure sites vulnerable to unwanted access to personal information.

It is unclear at this point who may have accessed any information through this vulnerability, but websites have been checking their systems for the bug and patching to repair the problem. While it is a good practice to change your passwords regularly, unless a website has patched their vulnerability, changing your password will not protect your information.

CNET is keeping an updated list of the 100 top websites and their Heartbleed status. Click here to check the status.

Change Those Passwords: What You Need to Know About the Heartbleed Bug

On April 7, 2014, news spread of a major encryption flaw known as the Heartbleed bug. While it sounds like something you’d get after a bad breakup, Heartbleed has already been called one of the biggest internet threats in history.

What Does This Mean?

The Heartbleed bug is not a virus or malware. It’s a programming flaw in encryption software that many websites use to protect your sensitive information. This means that someone with the ability to access a site through this vulnerability could potentially access your account information and anything that would be protected by the affected encryption software.

If a site has been affected by the Heartbleed bug, it means that user account information has potentially been left exposed over the past two years. This includes user names, passwords, credit card information and more.

What’s the Non-Techy Explanation?

Think of Heartbleed like a broken fence board. The fence is there to protect your property (like encryption software exists to protect your personal information online), but with the missing board, those with the intent and skill to get into your yard to access your property can. The missing fence board leaves your property sitting there exposed, just like Heartbleed leaves your personal information exposed.

The good news is that not every site uses the affected software (just like your neighbors have more secure fences than you do). Additionally, many of those sites that do use the affected software have applied patches to fix this vulnerability (just like you can replace the broken fence board to secure your fence once again).

Does This Affect Me?

Most likely: there’s a very good chance that you have been affected. Some of the most popular sites we use on a regular basis have been affected (list below).

How Did This Happen?

Even if you don’t know much about computers and the internet, chances are you’ve heard the term SSL in regard to securing sites and encrypting data on many sites that use passwords and hold sensitive information. The Heartbleed bug is a vulnerability in certain types of SSL that allows anyone on the internet who knows how to use this vulnerability to read the memory of any system using this type of SSL. Attackers can gain access to content that is thought to be secure but is exposed by this bug, and they can eavesdrop, steal data and impersonate users and services.

What Sites Have Been Affected?

The following popular sites have reported having been affected by the Heartbleed bug:

  • Amazon Web Services (for website operators, not the main Amazon sites)
  • Dropbox
  • Gmail
  • GoDaddy
  • Google
  • Intuit (TurboTax)
  • LastPass
  • Minecraft
  • OKCupid
  • SoundCloud
  • Tumblr
  • Wunderlist
  • Yahoo
  • Yahoo Mail

The following sites have reported possibly being affected by the Heartbleed bug:

  • Apple
  • eBay
  • Facebook
  • H&R Block
  • Healthcare.gov
  • IRS
  • Netflix
  • Twitter

Click here to see a list of 10,000+ sites that have been checked for the Heartbleed vulnerability. Please note sites listed as vulnerable may no longer be vulnerable, but were at the time of testing. Click here to view the top 100 sites and see if they have patched the Heartbleed bug.

The following sites have reported NOT being affected by the Heartbleed bug:

1040.com, Amazon, AOL, Bank of America, Capital One, Chase, E*Trade, Evernote, Fidelity, FileYourTaxes.com, Hotmail/Outlook, LinkedIn, Microsoft, PayPal, PNC, Schwab, Scottrade, Spark Networks (JDate, Christian Mingle), Target, TD Ameritrade, TD Bank, U.S. Bank and Wells Fargo.

What Do I Need to Do?

While it’s a good general practice to change your passwords every couple of months, now is a really good time to change your passwords again, especially if you use any of the sites that were affected. Keep in mind, however, that if a site has not yet fixed the problem on their end, your information can still be vulnerable regardless of whether you changed your password. Chances are, by the time you read this article, any affected sites will have been patched and will no longer be vulnerable.

How Do I Know if a Site Has Patched Their Vulnerability?

The good news is that patches exist for all of the sites listed on the affected list above and some exist for the possibly affected sites above. Additionally, some sites use multiple types of encryption, so even if they were affected by Heartbleed, they were protected by additional encryption. Most sites have already patched the vulnerability and those that haven’t are currently in the process of fixing it.

Where Can I Get More Information About the Heartbleed Bug?

Check out the following: