The Aftermath of Heartbleed: Tips for Users and Admins

Even though the Heartbleed bug has been fixed by major providers, the danger is far from over. Users and admins should be aware of the issue and take immediate remediation steps (source: Yarubo Internet Security).

  • Share on TwitterShare on FacebookShare on Google+Share on LinkedInEmail a friend
The really bad news for users of these web services was that because of Heartbleed, their usernames and passwords were had been exposed to attackers for nearly half a year.

(PRWEB) April 29, 2014

The Heartbleed bug - a software vulnerability in the popular OpenSSL library - made a big splash in the Internet a couple of weeks ago. While dozens of security issues are discovered every day, Heartbleed was different in that it affected a core library used by almost all of the big web providers, including Google and Facebook.

The really bad news for users of these web services was that because of Heartbleed, their usernames and passwords had been exposed to attackers for nearly half a year. Even though the issue was fixed instantly, there was no way to tell if (and by whom) the issue had been exploited, and what accounts had been compromised.

At the beginning of April, a study by Netcraft showed that half a million widely trusted websites were vulnerable to the Heartbleed bug. We know that by now the issue has been fixed at all big web providers. However, it is hard to say how many of the other sites have already applied the fix. This means that both users and server administrators have to be be aware of the threat.

As a follow-up the following measures are recommended:

1. Users who haven’t changed their passwords / pin codes yet should immediately do it, especially for critical web services such as online banking.

2. Web server admins should make sure that their servers are properly patched. A free scanning tool is available at: http://www.yarubo.com/heartbleed.

3. Heartbleed also affects mobile devices. According to Google, devices running Android 4.1.1 are vulnerable to the attack. Users who own such as device should refrain from using to to access sensitive applications and install updates as soon as they become available.


Contact

  • Yarubo Internet Scanner Team

    +66 849098425
    Email