Changing Your Password Won’t Stop Heartbleed! The most Prolific and Insidious Internet Threat in History Explained

image

I’ve read many stories and even received many emails by service providers telling me

“our systems have not been affected by this “Heartbleed” bug you may have heard about…however to be sure your information is safe we are asking all customers to change their password”

This is the stupidest statement I’ve ever read, and it’s a blatant lie… These companies are either ignorant themselves or just trying to placate you, changing your password does absolutely NOTHING TO PREVENT THIS WORST HACK SINCE THE INTERNET BEGAN…..

You see, the bug is part of the Internet Infrastructure at this time, it’s a Security software called OpenSSL which an estimated 95% of all websites and other software and Web applications use for almost EVERYTHING!  Which is why it’s been said it’s the most serious incident in the history of the Internet….

Most people have no idea just how serious this is, but I will try to show you and explain it in terms you can understand.

Consider every Bank, Every Stock Trading Service, Every hosted website, every login script, Every Online store, every email server, every security tool, every security protocol, every browser, every SSL certificate, Every payment processing service, every software application currently being used…. they all use or have embedded into their code or support OpenSSL.

The Irony

OpenSSL was software which was  developed many years ago to keep you and everyone else safe from hackers and predators intent on hacking into the banks, websites, stores, payment gateways….

The Problem

Someone very smart, recently looked through the code which was written to create OpenSSL, and they discovered a basic software development mistake that opens OpenSSL up to even kiddie script hackers now like this 19 year old in Canada who just used the discovered vulnerability to steal 900 Canadian social security numbers…. From the government, that should tell you just how insidious this discovery really is…

The ONLY Cure
So THE ONLY THING THAT WILL STOP THESE HACKS is REPLACING OpenSSL (which is free open source software) with something else, there are numerous alternative security protocols however it IS NOT A SIMPLE SOLUTION!  which is why a recent analysis stated that 70% of the Internet was still vulnerable to this “bug”

The Only way to stay safe until it’s completely replaced throughout the Internet is to REMOVE YOUR DATA AND CLOSE YOUR ACCOUNTS

Obviously the businesses are trying to stop mass hysteria by sending these misleading emails asking people to “Change passwords” when they know full well that won’t do anything. They also will most likely tell you that THEY were not affected….. Hogwash…. If their on the Internet, the odds are they are using it and vulnerable and are scrambling to replace it everywhere… The problem is it is so integrated into everything which is why it’s being called
The Biggest Internet Threat in the History of the Internet

So, don’t be fooled, no company unless their smart, is going to be honest about how big of an impact and how vulnerable they’ve been made because of this discovery, so use common sense and Protect Yourself… And right now there’s only one way to do that… Don’t use the Internet for secure transactions or place your critical data anywhere on the Internet even behind a firewall or VPN tunnel, it’s still not safe (or could still be not safe, depending on what is being used, but why risk it?

Pull everything, wait 6 months then when you feel confident, before selecting a new provider have them show you their OpenSSL replacement plan and how they have resolved the issue, if that can’t provide that immediately then go somewhere else…

Advertisements