Over the last couple of days, you’ve probably seen a lot of conflicting information about various computer security problems. Experts are extremely concerned, and all over the world, IT operators are rushing to fix things. But how serious is it, and what do you need to do?
We can’t stress enough that you shouldn’t ignore this situation, and you should act soon.
Related Article: The Biggest Data Breaches of 2019
However, don’t panic. Taking the wrong action, or acting too early, won’t help.
If you’re unsure what to do about either of the two issues we’re discussing today, then call us. We’ll be happy to advise you.
Note: this is a rapidly developing situation. Information was as up to date as possible at the time of writing, but things may have changed by the time you read this.
Heartbleed is a serious bug in the internet security software SSL that has potentially compromised millions of sites and passwords worldwide over the past two years. It has been fixed and sites are installing the patch as fast as possible, but many of your passwords have probably been stolen.
This has been described as the most severe security alert in the history of computing. “Catastrophic is the right word. On the scale of one to 10, this is an 11,” according to security expert Bruce Schneier.
Affected sites include massively popular sites such as Google, Yahoo, Facebook, Dropbox, Tumblr, Instagram, Pinterest, Minecraft, OKCupid, Flickr and GoDaddy. Banks and other institutions are checking to see whether they’ve been hit. Around two thirds of the sites on the Net have been affected – there’s a list here of the top ten thousand sites and whether they’re still vulnerable.
You’ll have to update your password on any site that’s been affected, and on any other site where you’ve used the same password. It’s a real pain, but sadly there is no way around it. Your personal data is no longer safe, and you’re wide open to identity theft.
What you should do now
- IMPORTANT: Do not update all your passwords immediately. If you update your password on a site before they’ve finished patching it, you’re just compromising your new password and you’ll have to do it again in a few days.
- If you use any of the sites listed above, then update your password as soon as possible. Do it today if you haven’t done it already – it’ll only take you a minute or two for each site.
- Check this list for other popular sites to see whether you need to update those as well.
- For any other site you use, or have used in the last two years, use the LastPass Heartbleed checker to find out whether it’s vulnerable and if you need to update.
- If you use Chrome, you can use Chromebleed to tell you whether the site you are on is currently vulnerable.
2. Windows #XPocalypse
Support for Windows XP has now officially ended. There is now an increased risk from hackers, malware and viruses.
Some governments and major businesses have purchased additional support, but that doesn’t mean you will benefit from it.
There hasn’t been a major XP incident yet, but most experts believe it’s only a matter of time. If you continue to use Windows XP, you are exposing yourself to attack and, if you use it commercially, your business.
What you should do now
- If you have a computer that runs XP and is ever connected to the Internet, upgrade it as soon as possible.
- You may be able to upgrade to a newer operating system, but if you have an older, low-spec machine, you may need a new computer.