Heartbleed Threat?

[secone 0]

I have been running Online Armor and Emsisoft Anti-Malware for a couple of years now....none better in my opinion. Am I protected from this new Heartbleed bug that I am seeing so much about? Thanks...Emsisoft rocks!

[Elise 276]

Unfortunately not, because this bug is not located on your computer, but rather within the traffic that goes from your computer to various remote servers which use OpenSSL. Normally, when you use OpenSSL to secure data, for example to send a password (say, to log in to your gmail account), your log in data will be encrypted, it will be a garbled block of data that only the receiving server (in our example Google mail) can decrypt after which it verifies the credentials and either lets you log in or tells you you entered the wrong data.

 

In case of HeartBlead the problem is with the "garbled data" part, which in the end isn't as garbled as it should be (this is really simplifying it ) so anyone who intercepts the traffic sent towards Google Mail in our example can see your username and password (and eventually use this data to hack your mail account). No firewall can protect you against this, the connection you used was supposed to be safe, except... it wan't because there was a bug.

 

What you can do to verify if you've been a (potential) victim of HeartBlead is verify sites to which you send sensitive data (email, online banking and such). You can do that for example here: http://filippo.io/Heartbleed/

 

Be aware though, a site can be "fixed" but still have been exposed in the past. Changing passwords isn't much work and its better to be safe than sorry.

[andrzej76 3]

Heartbleed test - Which services are or have been exposed: (10 000 sites)

https://github.com/musalbas/heartbleed-masstest/blob/master/top10000.txt

 

 

Change passwords for sites such as:

 

- Facebook,

- Twitter,

- Yahoo,

- Tumblr,

- Google,

 

They're safe because they loaded a patch, but always worth it to change your password.