The past few weeks have seen two major internet security problems discovered. One involved Internet Explorer. The second is something called “Heartbleed”.
Internet Explorer
The Department of Homeland Security found a flaw so severe in Internet Explorer that they recommended no one use it until Microsoft fixed the problem. Disabling Flash was a temporary fix, but the vast majority of users were fully exposed to takeover of their computer. As Microsoft said, the error “could allow attackers to run malicious software on the user’s computer — and even gain the same level of access to the computer as the real user.”
Fortunately Microsoft has been able to release a fix. Be sure you have Windows Update set to “automatic” and that the fix has been installed. Another approach would be to switch from Internet Explorer to using a different browser like Chrome or Opera. The iMGA web site has no issues supporting any of the major modern browsers. The same may not be true for all web sites you use, though.
Heartbleed
There has also been a lot of chatter lately about “Heartbleed”. Many of the internet’s largest and most popular web sites were compromised.
Should you worry?
Yes, and no.
Heartbleed did NOT risk your computers, only internet servers.
Heartbleed is a problem in a particular version of an encryption library called OpenSSL. It allowed random access to whatever might have been stored in the memory of a web site’s server at the time of the attack. That means it’s possible your user name and password on an exposed server might have been compromised.
iMGA was not compromised. We never used that version on our web site. It is important that you change your password on any site that was compromised. iMGA was not, but you’re welcome to change your password on our site at any time.
Change your passwords
This is a good time to change your password across other sites that were at risk from the bug and have patched their servers. Note that if their servers are not yet patched, you will need to change your password once they have. CNET is keeping a list of the status of the top 100 sites and whether they have been patched.
Changing your passwords is especially important if you, like most people, use the same password and email address on multiple services. If you’ve done this, then a hack into any one of those services risks exposing your login information for multiple services.
The easiest way to manage the project to change your passwords (and make sure they’re more safe moving forward) is to use a password management program like LastPass (available free) or 1Password. It’ll help you set up truly secure passwords for all web sites and you’ll only have to remember one.