Tuesday, 15 April 2014

HeartBleed - what do I need to do?

The HeartBleed "Bug" is not a virus which may infect your computer. It is a flaw, or vulnerability, in the software which protects some "Secure" websites.

If you see HTTPS at the start of a web address, the letter "S" stands for Secure, which gives you peace of mind when sharing sensitive information with that website.

Except that some sites may not have been as secure as we'd once thought!

Effectively, this bug could have allowed attackers to read the memory of affected web servers. That memory may have included information such as your username and password.

No-one knows for sure whether or not this flaw was ever exploited by any hackers. It has been present in the affected software for about 2 years and the world has yet to stop, so my own suspicion is that it hasn't been used against any Web Servers so far.

A fix for the flaw has been issued and almost all affected web servers will have been patched by now.

So, that's OK, panic over then. Phew!

But, and there's always a but, because we don't know too much about whether or not this flaw was ever exploited, the recommendation now is to change all of your internet passwords anyway.

Why bother? Because it is very good safe-surfing practice to change your passwords every 6 months or so, and why not do it now?

You should use complex passwords, which are different for every web site that you visit. A complex password is built up with CAPITAL letters, lower-case letters, numb3rs and pun&tuat!on marks, such as P4ssw0rD! But how would you ever remember several such passwords?

Here's a simple solution. Decide on a random word which will form the basis of all of your passwords. But that word shouldn't be a real word or name which is associated with you in any way, or able to be guessed. Let's put that into practice.

At school I really liked a girl called Carol (although I never dared tell her so!). So the basis of my randomly generated passwords shall be "arol".

I'll now add both punctuation and a number - arol9!

That is the core of all my new passwords.

To make it unique, wherever I may need a password, I shall add the first 2 letters of the name of the company I am dealing with to the front of my new password in Capital Letters.

So, if I am dealing with Amazon, I would create the unique password of AMarol9!
Ebay is given EBarol9!
Marks and Spencer gets MAarol9!
The IT Dept = THarol9!

I have quickly and simply created an infinite number of exceptionally strong passwords which are extremely memorable.

© Michael Donkin 2014