- Kyrsten Sinema may face a censure vote—and net neutrality is a big reason why 5 Years Ago
- Recreate a Hogwarts holiday with the LEGO ‘Harry Potter’ Advent calendar 5 Years Ago
- How to stream Titans vs. Jaguars on Thursday Night Football 5 Years Ago
- 24 Halloween costumes so weird all you can do is laugh Today 8:13 AM
- Night Monkey finally gets the trailer he deserves Today 8:04 AM
- All the TV series and films coming to AppleTV+ Today 8:00 AM
- How to watch ‘American Horror Story: 1984’ Today 7:00 AM
- What’s new in Call of Duty: Modern Warfare? Today 7:00 AM
- ‘Carole and Tuesday’ is a feast for the eyes, ears, and heart Today 6:30 AM
- Tara Booth’s Instagram art embraces the comedy in mental health struggles Today 6:00 AM
- Everything we know so far about Peacock, NBC’s new streaming service Tuesday 7:42 PM
- Selena Gomez producing docuseries about immigration for Netflix Tuesday 7:11 PM
- How to stream Manchester City vs. Shakhtar Donetsk in Champions League action Tuesday 6:14 PM
- Milo Yiannopoulos threatens to crash furry convention he is barred from Tuesday 5:54 PM
- How to stream Juventus vs. Atletico Madrid in Champions League action Tuesday 5:52 PM
Department of Homeland security warns Americans of Heartbleed risk
Your passwords are broken.
The United States government is imploring citizens to change their passwords to protect against the Heartbleed bug.
In a message from the Department of Homeland Security (DHS), the government says it has reached out to “vendors and asset owners,” asking them to analyze their computer systems for the bug that leaves the machines open to a cybersecurity attack.
“While there have not been any reported attacks or malicious incidents involving this particular vulnerability confirmed at this time, it is still possible that malicious actors in cyberspace could exploit un-patched systems,” DHS said. “That is why everyone has a role to play to ensuring [sic] our nation’s cybersecurity.”
DHS adds that it plans to “continue to work closely with federal, state, local and private sector partners to determine any potential impacts and help implement mitigation strategies as necessary.”
The Heartbleed bug was named by security professionals at Codenomicon and Neel Mehta of Google Security, who announced their discovery Monday. The bug allows attackers to access vast amounts of private information, including usernames, passwords, instant messages, personal emails, and more.
The bug itself was created by Robin Seggelmann, a 31-year-old Münster, Germany-based programmer, who wrote the error-filled code in December 2012. The code was part of OpenSSL, an open-source cryptographic protocol that enables Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption. SSL is a popular security technology that creates an “encrypted link between a web server and a browser,” as info.ssl.com explains it, and is used by millions of websites to protect data exchanged through servers.
Seggelman says he accidentally inserted the code, adding it could “be explained pretty easily” and that it was “a simple programming error.”
The bug has resulted in thousands of businesses (including Yahoo and Tumblr) asking their users to reset their passwords. On Wednesday, the Canadian government suspended its online tax collection service to make sure its systems were secure.
The only sure way to protect yourself from the bug is to avoid sites that are vulnerable. For sites that have fixed the bug, changing your password is one of the ways to protect your information. To see if your favorite sites have been affected, use Italian programmer Filippo Valsorda’s tool called the “Heartbleed Test.”
DHS has also provided the following list of tips on how further protect yourself against the bug:
Many commonly used websites are taking steps to ensure they are not affected by this vulnerability and letting the public know. Once you know the website is secure, change your passwords.
Closely monitor your email accounts, bank accounts, social media accounts, and other online assets for irregular or suspicious activity, such as abnormal purchases or messages
After a website you are visiting has addressed the vulnerability, ensure that if it requires personal information such as login credentials or credit card information, it is secure with the HTTPS identifier in the address bar. Look out for the “s”, as it means secure.
Fernando Alfonso III served as an early Reddit and 4chan reporter and the Daily Dot’s first art director until 2016. He’s gone on to report at Lexington’s Herald-Leader and at the Houston Chronicle.