- Alexis Bledel named most dangerous online celebrity 6 Years Ago
- Kylie Jenner trademarks ‘rise and shine’ after meme success 6 Years Ago
- ‘Watchmen’ website expands what you know about its alt-history 6 Years Ago
- Smoke ’em, pass ’em Week 8: Mark Walton szn Today 4:26 PM
- Venmo’s first-ever credit card to launch in 2020 Today 3:46 PM
- Wet Kylo Ren may turn everyone to the dark side Today 3:15 PM
- Man allegedly targeted trans women on dating app, robbed them at knifepoint Today 3:02 PM
- Researchers expose how Amazon Echo and Google Home can steal passwords Today 2:47 PM
- Facebook removing Instagram Story filters that mimic plastic surgery Today 2:16 PM
- Mom solves ‘ghost baby’ image mystery after viral post Today 1:23 PM
- Elon Musk tweeted ‘through space’ Today 1:16 PM
- Don’t want a Fitbit? These step tracker apps got you covered Today 12:51 PM
- Protesters sing ‘Baby Shark’ to soothe frightened toddler Today 12:47 PM
- Who is Babu Frik, the adorable, teeny mechanic from ‘Rise of Skywalker’? Today 12:36 PM
- Senators push for social media data portability Today 12:11 PM
Department of Homeland security warns Americans of Heartbleed risk
Your passwords are broken.
The United States government is imploring citizens to change their passwords to protect against the Heartbleed bug.
In a message from the Department of Homeland Security (DHS), the government says it has reached out to “vendors and asset owners,” asking them to analyze their computer systems for the bug that leaves the machines open to a cybersecurity attack.
“While there have not been any reported attacks or malicious incidents involving this particular vulnerability confirmed at this time, it is still possible that malicious actors in cyberspace could exploit un-patched systems,” DHS said. “That is why everyone has a role to play to ensuring [sic] our nation’s cybersecurity.”
DHS adds that it plans to “continue to work closely with federal, state, local and private sector partners to determine any potential impacts and help implement mitigation strategies as necessary.”
The Heartbleed bug was named by security professionals at Codenomicon and Neel Mehta of Google Security, who announced their discovery Monday. The bug allows attackers to access vast amounts of private information, including usernames, passwords, instant messages, personal emails, and more.
The bug itself was created by Robin Seggelmann, a 31-year-old Münster, Germany-based programmer, who wrote the error-filled code in December 2012. The code was part of OpenSSL, an open-source cryptographic protocol that enables Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption. SSL is a popular security technology that creates an “encrypted link between a web server and a browser,” as info.ssl.com explains it, and is used by millions of websites to protect data exchanged through servers.
Seggelman says he accidentally inserted the code, adding it could “be explained pretty easily” and that it was “a simple programming error.”
The bug has resulted in thousands of businesses (including Yahoo and Tumblr) asking their users to reset their passwords. On Wednesday, the Canadian government suspended its online tax collection service to make sure its systems were secure.
The only sure way to protect yourself from the bug is to avoid sites that are vulnerable. For sites that have fixed the bug, changing your password is one of the ways to protect your information. To see if your favorite sites have been affected, use Italian programmer Filippo Valsorda’s tool called the “Heartbleed Test.”
DHS has also provided the following list of tips on how further protect yourself against the bug:
Many commonly used websites are taking steps to ensure they are not affected by this vulnerability and letting the public know. Once you know the website is secure, change your passwords.
Closely monitor your email accounts, bank accounts, social media accounts, and other online assets for irregular or suspicious activity, such as abnormal purchases or messages
After a website you are visiting has addressed the vulnerability, ensure that if it requires personal information such as login credentials or credit card information, it is secure with the HTTPS identifier in the address bar. Look out for the “s”, as it means secure.
Fernando Alfonso III served as an early Reddit and 4chan reporter and the Daily Dot’s first art director until 2016. He’s gone on to report at Lexington’s Herald-Leader and at the Houston Chronicle.