- AARP - http://blog.aarp.org -
‘Heartbleed’ Heartburn: Time to Change Your Passwords!
Posted By Sid Kirchheimer On April 9, 2014 @ 5:35 pm In Scam Alert | Comments Disabled
With the discovery of a major flaw in one of the Internet’s primary encryption methods, it’s time to immediately change your passwords  – and then keep your fingers crossed.
That familiar padlock on many websites that we rely on to protect our sensitive online information has apparently been opened to potential hacking.
This week, security engineers at Google and the security company Codenomicon revealed a bug named Heartbleed in OpenSSL, the encryption technology used by two-thirds of Web servers, according to the New York Times.
This technology is the standard used by most websites to transmit data that users want to keep private , basically providing a secure line when you’re sending online messages back and forth.
As many as 500,000 trusted websites may be affected, according to some reports – along with virtually any computer user that accesses them.
This doesn’t mean your sensitive information has necessarily been stolen. Rather, it means until a fix is applied, it may be vulnerable to theft – now and in the future. Already, many websites have announced they are working on the issue.
But some experts say it may be wise to avoid engaging in e-commerce until it’s clearer whether websites with which you do online business or transactions better understand, and take measures to prevent, risks you and they may face.
Check those websites for updates, which should be on the home page or elsewhere where you shouldn’t have to log in.
Also, in coming months carefully monitor your financial statements and free credit reports.  (You should be doing that anyway.)
Codenomicon says many large consumer sites should be safe. “Ironically,” the company notes, “smaller and more progressive services or those who have upgraded to [the] latest and best encryption will be affected most.”
Still, Heartbleed can potentially reveal the contents of a server’s memory, where most sensitive data, past and present, is stored – user names, passwords, credit card and even Social Security numbers, according to CNET. “It also means an attacker can get copies of a server’s digital keys then use that to impersonate servers or to decrypt communications from the past or potentially the future, too.”
Codenomicon says it’s not known whether the vulnerability has been abused, but reports indicate there’s evidence that attackers are aware of the bug.
For now, changing your passwords is a good first step, but even that won’t help unless the services affected by Heartbleed are updated.
Learn more about Heartbleed here .
For information about other scams, sign up for the Fraud Watch Network . You’ll receive free email alerts  with tips and resources to help you spot and avoid identity theft and fraud, and gain access to a network of experts, law enforcement and people in your community who will keep you up to date on the latest scams in your area.
Photo: stevendd/iStock 
Also of Interest
See the AARP home page  for deals, savings tips, trivia and more
Article printed from AARP: http://blog.aarp.org
URL to article: http://blog.aarp.org/2014/04/09/heartbleed-heartburn-time-to-change-your-passwords-2/
URLs in this post:
 Image: http://blog.aarp.org/wp-content/uploads/2014/04/thumbnail.jpg
 change your passwords: http://www.aarp.org/home-family/personal-technology/info-2014/create-password-avoid-hacks-kirchheimer.html?intcmp=AE-BLIL-DOTORG
 data that users want to keep private: http://www.aarp.org/money/scams-fraud/info-2014/protect-personal-online-data.html?intcmp=AE-BLIL-DOTORG
 >> Sign up for the AARP Money newsletter: http://www.aarp.org/online-community/people/subscribeFromEmail.action?id=29636&intcmp=ILC-EMAIL-SUB-MONY
 free credit reports.: https://www.annualcreditreport.com/index.action
 >> Get travel discounts with your AARP Member Advantages.: http://discounts.aarp.org/travel/index/uSource/HCTN?intcmp=AE-BL-TRV-DISC
 here: http://heartbleed.com/
 Fraud Watch Network: http://www.aarp.org/money/scams-fraud/fraud-watch-network/?cmp=RDRCT-FRDWCHNET_SEPT17_013
 free email alerts: https://action.aarp.org/site/SPageNavigator/FWN_Registration_Page.html
 stevendd/iStock: http://www.istockphoto.com/stock-illustration-5048700-vector-bloody-broken-heart.php
 Quiz: Are You an Easy Target for Scammers?: http://www.aarp.org/money/scams-fraud/info-2014/scam-easy-target-quiz.html?intcmp=AE-ENDART1-BL-REL
 Las Vegas, Nevada and 9 Other Budget-Friendly Trips for 2014: http://travel.aarp.org/articles-tips/articles/info-02-2013/affordable-vacation-ideas-2013.html?intcmp=AE-ENDART2-BL-BOS
 Get free assistance with tax-return preparation from Tax-Aide: http://www.aarp.org/money/taxes/aarp_taxaide/?intcmp=AE-ENDART3-BL-ADV
 Join AARP: https://appsec.aarp.org/MSS/join/application?keycode=U9ZTPH9&intcmp=AE-ENDART3-BL-MEM
 AARP home page: http://www.aarp.org/?intcmp=AE-ENDART3-BL-HP
 Image: http://www.youtube.com/watch?v=00m_w6904JM
Copyright © 2013 AARP. All rights reserved.