Heartbleed Part II: Some Online Passwords That Do and Don’t Need Changing to Relieve Some of the Heartburn Caused by Heartbleed

Apr 11 Heartbleed Part II: Some Online Passwords That Do and Don’t Need Changing to Relieve Some of the Heartburn Caused by Heartbleed


The Heartbleed flaw: In no time, it went from “That the name of a band?” to “The sky is falling. The sky is falling.” Now, if by chance you’ve been on Mars or in a marketing meeting (or in a marketing meeting on Mars) the last few days, Heartbleed is an encryption flaw in the Open SSL cryptographic software library.

Two-thirds of web servers worldwide use the Open SSL cryptographic software library to connect with end users and guard against digital eavesdropping. While the flaw was just discovered, it has been open to hackers for approximately two years. Best of all (that, of course is sarcasm) if a hacker were stealing data, nobody would know because the flaw made it possible to steal logins and passwords without leaving evidence the hacker was even there.

If you’re over 23 (give or take), you’re aware of the Y2K computer flaw when it was predicted that at 12:01 a.m. New Year’s Day 2000, planes would fall out of the sky, commerce would cease and there would be rioting, looting and chaos worldwide. And worst of all: no 2000 Super Bowl!

The point is no one exactly knows if data has been compromised or if hackers even knew about the flaw. Now, there is a fix and affected companies have either implemented it or are in the process of implementing it.

Mashable.com surveyed some of the most frequented sites on the web to find out the status of their fixes and whether they advised customers to change their passwords. Following is a partial list. You may find their complete list on mashable.com, “The Heartbleed Hit List: The Passwords You Need to Change Now.”

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.


Leave a Reply

Your email address will not be published. Required fields are marked *