Friday, April 11, 2014

Weekly Reader (part 2)

The Heartbleed Hit List: The Passwords You Need to Change Right Now
"An encryption flaw called the Heartbleed bug is already being called one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services — ones you might use every day, like Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years." -- Mashable Team, Mashable, 4/11/14

The 'Heartbleed' Bug and How Internet Users Can Protect Themselves
"Security professionals working in higher education are updating servers, reissuing certificates used to guarantee secure Internet transactions, and encouraging students and faculty and staff members to take a break from the commercial Internet following the discovery of a programming flaw in a widely used Internet tool." -- Megan O'Neil, Wired Campus, 4/11/14

A Gentle Reminder About Security
"There are a lot of benefits to doing much of our work online. Collaboration with far-away colleagues is easy, we can have ready access to our work no matter what device we’re using, and having our work backed up in the cloud can be reassuring." -- Amy Cavender, ProfHacker, 4/10/14

How to Protect Yourself from the Heartbleed Bug
"A major new security vulnerability dubbed Heartbleed was disclosed Monday night with severe implications for the entire Web. The bug can scrape a server's memory, where sensitive user data is stored, including private data such as usernames, passwords, and credit card numbers." - Richard Nieva, CNet, 4/8/14

LastPass Heartbleed Checker
"With news breaking on Monday, April 7th that the Heartbleed bug causes a vulnerability in the OpenSSL cryptographic library, which is used by roughly two-thirds of all websites on the Internet, we want to update our community on how this bug may have impacted LastPass and clarify the actions we're taking to protect our customers. LastPass recommends everyone with a account, or account changes their password." -- LastPass, 4/11/14 [accessed]

Heartbleed: Serious OpenSSL Zero Day Vulnerability Revealed
"New security holes are always showing up. The latest one, the so-called Heartbleed Bug in the OpenSSL cryptographic library, is an especially bad one. heartbleedHeartbleed OpenSSL zero-day vulnerability. While Heartbleed only affects OpenSSL's 1.0.1 and the 1.0.2-beta release, 1.01 is already broadly deployed. Since Secure-Socket Layer (SSL) and Transport Layer Security (TLS) are at the heart of Internet security, this security hole is serious." -- Steven J. Vaughan-Nichols, ZDNet, 4/7/14

No comments: