How to Protect Yourself (and Your Passwords) from Heartbleed


Security threats have been making the news quite a bit lately, whether a user’s information has actually been compromised or only potentially could be. The latest, the Heartbleed web security flaw, has nearly everyone recommending that you update all of your online passwords. With this particular threat, however, you need to check first that the website you are accessing has actually been fixed. LastPass, the maker of a password management service, has created a LastPass Heartbleed checker that you can use to see whether the site where you are about to change your password has been updated. Changing your password before the site has been updated will still leave you vulnerable. But even if there isn’t a clear and present threat, the Department of Defense has recommended that passwords be updated at least once a year.

Read the full story at GigaOM.

Note: re/code reports that Apple said iOS, OS X and “key web services” were not affected by Heartbleed.
Note: ComputerWorld reports that Twitter was unaffected by Heartbleed, too.

Amidst Recent Hacks, Twitter Calls for Stronger Passwords

Amid the ongoing epidemic of hacks and account breaches at major companies and online services, Twitter officials are once again reminding users how to beef up the security of their passwords. A blog post published Tuesday night by Twitter Director of Information Security Bob Lord came a day after the official Twitter account for Burger King was hacked by pranksters who used their unauthorized access to publish tweets falsely claiming the fast food chain had been sold to arch-rival McDonald’s. Lord’s post also followed a similar compromise of Jeep’s Twitter account, resulting in the Chrysler division’s logo being replaced with one belonging to competitor Cadillac. The account takeovers came almost three weeks after hackers pierced Twitter’s defenses and stole cryptographically protected password data belonging to some 250,000 users.

Read the full story at Ars Technica.