(PRWEB) April 29, 2014
The Heartbleed bug - a software vulnerability in the popular OpenSSL library - made a big splash on the Internet a couple of weeks ago. While dozens of security issues are discovered every day, Heartbleed was different in that it affected a core library used by almost all of the big web providers, including Google and Facebook.
The really bad news for users of these web services was that because of Heartbleed, their usernames and passwords had been exposed to attackers for nearly half a year. Even though the issue was fixed instantly, there was no way to tell if (and by whom) the issue had been exploited, and what accounts had been compromised.
At the beginning of April, a study by Netcraft showed that half a million widely trusted websites were vulnerable to the Heartbleed bug. We know that by now the issue has been fixed at all big web providers. However, it is hard to say how many of the other sites have already applied the fix. This means that both users and server administrators have to be aware of the threat.
As a follow-up, the following measures are recommended:
1. Users who haven’t changed their passwords / PIN codes yet should do so immediately, especially for critical web services such as online banking.
2. Web server admins should make sure that their servers are properly patched. A free scanning tool is available at: http://www.yarubo.com/heartbleed.
3. Heartbleed also affects mobile devices. According to Google, devices running Android 4.1.1 are vulnerable to the attack. Users who own such a device should refrain from using it to access sensitive applications and should install updates as soon as they become available.