Heartbleed Volunerability

Dear Concordia,

An Internet security threat known as “Heartbleed” has come to light that has the potential to affect millions of Internet users. We’re passing this information along to you so you are aware of the issues involved and can take appropriate steps to protect yourself. Below is an article from mashable.com that outlines the details of this bug. Mashable also made a list of some of the most popular websites affected by Heartbleed and gave advice on whether or not you should change your password.  I’ve condensed that list to make it easier to read. Please feel free to contact me with any questions. 

May God bless you, 

TJ Winters
tjw@concordia.cc

Note: Heartbleed is NOT a virus and the only action you can take is changing your password on an affected site. Your computer is not affected.


http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

An encryption flaw called the Heartbleed bug is already being called one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services — ones you might use every day, like Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years.

But it hasn’t always been clear which sites have been affected. Mashable reached out [to] some of the most popular social, email, banking and commerce sites on the web. We’ve rounded up their responses below.

Some Internet companies that were vulnerable to the bug have already updated their servers with a security patch to fix the issue. This means you’ll need to go in and change your passwords immediately for these sites. Even that is no guarantee that your information wasn’t already compromised, but there’s also no indication that hackers knew about the exploit before this week. The companies that are advising customers to change their passwords are doing so as a precautionary measure.

Although changing your password regularly is always good practice, if a site or service hasn’t yet patched the problem, your information will still be vulnerable.

Also, if you reused the same password on multiple sites, and one of those sites was vulnerable, you’ll need to change the password everywhere. It’s not a good idea to use the same password across multiple sites, anyway.

 

Sites that DON’T seem to need a password change:

  • 1040.com
  • 1Password
  • Amazon
  • American Express
  • AOL
  • Apple
  • Bank of America
  • Barclays
  • Capital One
  • Chase
  • Citigroup
  • Dashlane
  • E*Trade
  • Ebay
  • Evernote
  • Fidelity
  • FileYourTaxes.com
  • Groupon
  • H&R Block
  • Healthcare.gov
  • Hotmail / Outlook
  • Hulu
  • Intuit (TurboTax)
  • IRS
  • LastPass
  • LinkedIn
  • Microsoft
  • Nordstrom
  • Paypal
  • PNC
  • Schwab
  • Scottrade
  • Spark Networks (JDate, Christian Mingle)
  • T. Rowe Price
  • Target
  • TaxACT
  • TD Ameritrade
  • TD Bank
  • Twitter
  • U.S. Bank
  • Vanguard
  • Walmart
  • Wells Fargo

 

If you use these sites, you MUST change your password:

  • Box
  • Dropbox
  • Etsy
  • Facebook
  • Flickr
  • GitHub
  • GoDaddy
  • Google (Includes Gmail & YouTube)
  • IFTTT
  • Instagram
  • Minecraft
  • Netflix
  • OKCupid
  • Pinterest
  • SoundCloud
  • SpiderOak
  • Tumblr
  • USAA
  • Yahoo
  • Wikipedia (if you have an account)
  • WordPress
  • Wunderlist

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s