An encryption flaw called the Heartbleed bug is already being called one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services — ones you might use every day, like Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years.
But it hasn’t always been clear which sites have been affected. Mashable reached out some of the most popular social, email, banking and commerce sites on the web. We’ve rounded up their responses below.
Don’t change your password. It’s strange advice to hear when the so-called Heartbleed bug is leaving databases all over the web open and exposed, but it’s applicable. Yes, security has been compromised for many of your favorite websites and services (including Google, Flickr and Steam, at least initially) but protecting yourself isn’t quite as easy as changing your password. Unlike past exploits, Heartbleed isn’t a database leak or a list of plaintext logins; it’s a flaw in one of the web’s most prevalent security protocols — and until its fixed, updating your login information won’t do a darn thing to protect you. What, then, can you do to protect yourself? Wait, watch and verify.
Although some companies will notify users that their services have been patched (like Google did), not all of them have or will. That means you need to be aware of which websites were vulnerable to the bug and routinely check them to see if they’re back on track. Don’t worry, that’s not too difficult either. Sites like GitHub and Mashable have already compiled lists of popular websites, services and social networks, noting if they were affected at the time of Heartbleed’s discovery, and in some cases, if they’ve been patched. You can check manually, too: concerned coders and even some companies have made tools available to help you suss out sites that are open to attack. Coder Filippo Valsorda has created a Heartbleed checker and thefolks at LastPass have a similar tool — either or both will update you on the status of a site’s security certificate. If it comes up clean, you’re safe to change your password.
Hundreds of thousands of web and email servers worldwide have a software flaw that lets attackers steal the cryptographic keys used to secure online commerce and web connections, experts say.
They could also leak personal information to hackers when people carry out searches or log into email.
The bug, called “Heartbleed”, affects web servers running a package called OpenSSL.
Among the systems confirmed to be affected are Imgur, OKCupid, Eventbrite, and the FBI’s website, all of which run affected versions of OpenSSL. Attacks using the vulnerability are already in the wild: one lets a hacker look at the cookies of the last person to visit an affected server, revealing personal information. Connections to Google are not vulnerable, researchers say.
Internet users outside of the United States are blocked from accessing the wealth of streaming video and music content available to Americans. Even Americans are deprived of international services like BBC iPlayer. Faced with this, many people choose VPNs. However, VPNs are not the ideal way to access region-blocked videos and music. There are better ways.
These services allow people outside the USA to pay for videos and music – either with money or with our attention and ads. The alternative is piracy, but we jump through hoops for the ability to access legal services. Media companies should be happy we try to bypass region blocks instead of turning to piracy, and they should be offering great services that we can pay for. As Valve’s Gabe Newell once said, piracy is a service problem.
It’s here. It’s finally here. A new class system has finally arrived with Tumblr Pro!
If you’ve been on Tumblr today you’ve probably noticed an abundance of top hats. No, you didn’t miss out on an invite to some fancy internet party. As part of an April Fool’s day joke, Tumblr has decided to crown some of its users with a Tumblr Pro top hat. (You can go pro too. You should see a little blue button on your blog for a “free upgrade” to Tumblr Pro.)
A Colorado mother learned an important lesson of her own last week when her plan to teach her daughter just how quickly a photograph can spread online through social media worked far too well.
In an attempt to explain to her daughter Amia why she couldn’t have a Facebook or Instagram account, Kira Hudson decided to show her just how quickly a photograph could spread online. This involved taking a picture of Amia holding a sign that said “Mom is trying to show me how many people can see a picture once it’s on the Internet,” sharing it with all her friends and asking them to like and share for the sake of the parenting lesson.