- Cooking Mama’s return whips up a fresh batch of memes Tuesday 8:18 PM
- Influencer body-shames model, Photoshops photo of self to ‘prove point’ Tuesday 7:27 PM
- Boosie Badazz goes on transphobic rant about Dwyane Wade’s daughter Tuesday 6:34 PM
- Royal Family’s website accidentally links to porn instead of charity Tuesday 5:39 PM
- Republican senator spreads false conspiracy about coronavirus Tuesday 5:11 PM
- New DNA technology could help exonerate Black man serving life sentence Tuesday 4:24 PM
- ‘SNL’s’ Kenan Thompson to host the White House Correspondents’ Dinner Tuesday 3:58 PM
- Singer Summer Walker dragged for insensitive HIV comments Tuesday 2:39 PM
- This video of a teddy bear getting steam cleaned makes a perfect meme Tuesday 2:27 PM
- Ted Cruz goes on Twitter tirade over proposed vasectomy bill Tuesday 2:22 PM
- Billie Eilish says she’s stopped reading Instagram comments Tuesday 2:13 PM
- Christian group blames satanists for Twitter poll results Tuesday 1:41 PM
- Coronavirus has pandemic-themed video games topping charts Tuesday 12:58 PM
- Bloomberg said kids are drawn to socialism because they think it involves social media Tuesday 12:55 PM
- Jake Paul gives ill-informed advice on how to deal with anxiety Tuesday 12:25 PM
Department of Homeland security warns Americans of Heartbleed risk
Your passwords are broken.
The United States government is imploring citizens to change their passwords to protect against the Heartbleed bug.
In a message from the Department of Homeland Security (DHS), the government says it has reached out to “vendors and asset owners,” asking them to analyze their computer systems for the bug that leaves the machines open to a cybersecurity attack.
“While there have not been any reported attacks or malicious incidents involving this particular vulnerability confirmed at this time, it is still possible that malicious actors in cyberspace could exploit un-patched systems,” DHS said. “That is why everyone has a role to play to ensuring [sic] our nation’s cybersecurity.”
DHS adds that it plans to “continue to work closely with federal, state, local and private sector partners to determine any potential impacts and help implement mitigation strategies as necessary.”
The Heartbleed bug was named by security professionals at Codenomicon and Neel Mehta of Google Security, who announced their discovery Monday. The bug allows attackers to access vast amounts of private information, including usernames, passwords, instant messages, personal emails, and more.
The bug itself was created by Robin Seggelmann, a 31-year-old Münster, Germany-based programmer, who wrote the error-filled code in December 2012. The code was part of OpenSSL, an open-source cryptographic protocol that enables Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption. SSL is a popular security technology that creates an “encrypted link between a web server and a browser,” as info.ssl.com explains it, and is used by millions of websites to protect data exchanged through servers.
Seggelman says he accidentally inserted the code, adding it could “be explained pretty easily” and that it was “a simple programming error.”
The bug has resulted in thousands of businesses (including Yahoo and Tumblr) asking their users to reset their passwords. On Wednesday, the Canadian government suspended its online tax collection service to make sure its systems were secure.
The only sure way to protect yourself from the bug is to avoid sites that are vulnerable. For sites that have fixed the bug, changing your password is one of the ways to protect your information. To see if your favorite sites have been affected, use Italian programmer Filippo Valsorda’s tool called the “Heartbleed Test.”
DHS has also provided the following list of tips on how further protect yourself against the bug:
Many commonly used websites are taking steps to ensure they are not affected by this vulnerability and letting the public know. Once you know the website is secure, change your passwords.
Closely monitor your email accounts, bank accounts, social media accounts, and other online assets for irregular or suspicious activity, such as abnormal purchases or messages
After a website you are visiting has addressed the vulnerability, ensure that if it requires personal information such as login credentials or credit card information, it is secure with the HTTPS identifier in the address bar. Look out for the “s”, as it means secure.
Fernando Alfonso III served as an early Reddit and 4chan reporter and the Daily Dot’s first art director until 2016. He’s gone on to report at Lexington’s Herald-Leader and at the Houston Chronicle.