Doesn’t Matter if You’re Conservative or Liberal

Heartbleed could have you bleeding from more than your heart.

What’s it all mean to us Mac and iDevice users? Bob sent along this very informative, understandable piece he received this afternoon from Intego (his anti-virus/anti-malware/anti-other-yucky-stuff package):

Earlier this month, the OpenSSL project issued an emergency security advisory that warned about an open bug called “Heartbleed”. This serious vulnerability could lead to malicious hackers spying on what were thought to be secure Internet communications.

Here at Intego, we take our responsibility to protect you very seriously. It’s to this end that we wanted to send out an update and provide some resources to keep you well-informed. See the Mac Security Blog for the top FAQs on Heartbleed for Mac and iOS users.

Am I at risk if I use a Mac? What about an iPhone or iPad?
We cannot stress this enough: while Apple products may be “safe” encrypted data is not. The Heartbleed bug enables the theft of information otherwise protected by SSL/TLS encryption, and it affects many of the Web sites and other Internet services you use. If the services use OpenSSL to help manage the flow of encrypted data, it doesn’t matter if you’re on a Mac or a Windows computer, your data may be at risk.

Which Web sites are vulnerable to the Heartbleed bug?
You can check if a site is vulnerable by using the search too, here: http://filippo.io/Heartbleed

If you use a site that is affected, the security bug possibly compromised your password, and you’ll have to change it once the bug is fixed. Before you change passwords on a site, first check to see if it is vulnerable to Heartbleed. Don’t change your password until you know it’s safe.

Which websites are vulnerable to the Heartbleed bug?
Major Web sites are reported to have been affected, including Yahoo, Flickr, Imgur, OKCupid, Stackoverflow, and Eventbrite. You can find a snapshot of vulnerable sites here: http://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt.

Where can I find more about Heartbleed?
A great overview about Heartbleed is covered at The Wire, which points out that fixes for the flaw will take some time, because individual servers have to be fixed manually, and some people might not get around to repairing the bug for quite awhile. In other words, you should take heed from Heartbleed on a site-by-site basis. Until affected sites are fixed, we strongly encourage you to stay away from those sites.

What else can I do to protect my data?
Although anti-virus software cannot protect your data after it has been entered into vulnerable Web sites, Intego encourages all Mac users to implement a layered approach to Internet security, which can help keep your Mac and your data safe from known malware and malicious applications.

Intego gets into a bit more detail on their Web site. PYBT: Heartbleed Threat Alert Update for the whole story.

Have you run across any other good Heartbleed information? Leave a comment and let us know, if you have, so we can share that, as well.