The Heartbleed Virus and Microsoft XP
April 11, 2014
By Stephen Wagner
A computer virus that has been out on the internet for two years has finally broken out to become a serious threat.
The virus takes advantage of a vulnerability in a particular communication protocol that websites use for authenticating usernames and passwords. Knowing or understanding the technical details is not nearly as important as knowing which websites are affected. It is estimated that there are over 500,000 servers that are vulnerable.
The largest web provider currently known to have been compromised is Yahoo. The only repair required is to change your passwords, but only after the website has been patched. So how do you know if your website is affected?
If your site is not listed, go to this link: https://lastpass.com/heartbleed/ and you can check sites individually.
Sites still vulnerable include Comcast, AOL, IMDb, WordPress, Amazon Web Services, and BestBuy.
Look at the list to see if your sites are included, paying attention to the column “confirmation from the site.” Many have been patched but were vulnerable, and they recommend changing your password.
As an example, Google, Wikipedia, and Facebook were exposed, have been repaired, and recommend changing your password.
Users may want to consider a password manager that works on the platforms commonly used today, either Mac, iOS, Android, Windows, or Linux. Offerings are available that will work on your home computer, your tablet, and your phone. The information is seamlessly and securely transferred between them. The key is to have a program that encrypts the information locally on the device. You will have one master password to access the system.
Be warned: most of these programs cannot help you if you forget your master password. But you’ll be using it every day, so that shouldn’t be a problem. Two suggested applications are Norton Identity Safe and LastPass.
Check Google or the app store on your mobile device for other suggestions. Do your research to make sure you have the features you need, and that you are secure.
In other computer news, Microsoft, after almost twenty years, has discontinued support for Windows XP. This means there will be no more security updates for the operating system. This is an important feature. Admittedly, Microsoft released an update back in the late nineties that caused problems. Many computer “experts” then advised a draconian measure: “don’t apply updates automatically!”
This is wrong and is responsible for much of the pain experienced by users outside the corporate environment. Several of the “assistants” advertised on television that speed things up, block pop-ups, etc., actually start by applying past security updates. It is recommended that security updates be applied automatically, which is the default setting from computer manufacturers.
You see, Microsoft and other major software vendors routinely release to the industry the vulnerabilities that they have either discovered or that have been reported to them. Miscreants who write viruses (there is actually software that does this automatically: they are known as “script kiddies” as they actually don’t know programming!) wait a few months after the release of that information, and then construct a specific, targeted virus, Trojan, or worm just for those who don’t routinely patch security on their computers.
So confirm that your site is safe from the links above, keep your computer up to date with security patches, and use only one antivirus tool. There are many free offerings available.
Oh, the bad news about Windows XP support ending? More than 80% of ATMs use an embedded version of XP (and your grocery store too), and there is no unified plan for updating the operating systems, as it has been customized to work with specific hardware.
Watch your bank statements, as you always should.