Jason Steuernagel guest blogged for us earlier in What to Know about the Heartbleed Security Flaw. See below for his most recent follow-up!
Current Status of Heartbleed
Some stats regarding Heartbleed in the wild:
– Top 1,000 sites: 0 sites vulnerable (all of them patched)
– Top 10,000 sites: 53 sites vulnerable (only 0.53% vulnerable)
– Top 100,000 sites: 1595 sites vulnerable (1.5% still vulnerable)
– Top 1,000,000 sites: 20320 sites vulnerable (2% still vulnerable)
Also check out this listing of major sites that were affected by the vulnerability.
Action To Take Now
If you have been waiting to change your passwords, as was initially advised, it is a good idea to follow through now. At this point all major sites have been patched. A recent study concluded that only 39% of people have taken action and changed passwords since the vulnerability was announced.
Due to the nature of the vulnerability, it is impossible to know whether your passwords or data were compromised. Given the length of time this vulnerability was in the wild (2 years) and how widespread it was, there is a reasonable chance your passwords or data were compromised.
Tips For Strong Passwords:
– No Dictionary Words, Proper Nouns, or Foreign Words
– No personal information (birth date, Social Security number, etc.)
– The longer the better (at least 8 characters is recommended, and more is advised)
– Use at least 3 of these four character types in the password: upper case, lower case, numbers, symbols
Tips for Remembering Passwords:
– Base them on words, but change the makeup of the word (Ex. CoffeeCup – change to C0ff33Cup!)
– Use phrases (Ex. YoullNeverGuessThisCrazyLongPassword!)
– Use a password manager. There are quite a few of these available, and they are gaining in popularity. A few good ones include 1Password, Dashlane, and MSecure.
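As an added example (not part of the original post), here is a small Python checker that applies the rules above to a candidate password. The word list and personal-data values are constructed stand-ins for a real dictionary and a user's own details, and the two-word threshold on the dictionary rule is an assumption so that the long passphrase from the tip above is accepted while a short concatenation like CoffeeCup is not.

```python
import re

# Constructed stand-in for a real dictionary / proper-noun list (assumption).
WORDLIST = {"coffee", "cup", "password", "never", "guess", "this", "crazy", "long"}

# Constructed personal facts the user should never embed (assumption: a real
# checker would take these from the account holder, e.g. birth date, SSN).
PERSONAL = {"1985", "0412", "123456789"}


def char_classes(pw):
    """Return the set of character types present: upper, lower, digit, symbol."""
    classes = set()
    for ch in pw:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def check_password(pw, wordlist=WORDLIST, personal=PERSONAL):
    """Return the list of rules from the post that pw fails (empty list = passes)."""
    failures = []
    # Rule: at least 8 characters.
    if len(pw) < 8:
        failures.append("shorter than 8 characters")
    # Rule: at least 3 of the 4 character types.
    if len(char_classes(pw)) < 3:
        failures.append("fewer than 3 character types")
    # Rule: no dictionary words. Split on case boundaries so "CoffeeCup" becomes
    # ["Coffee", "Cup"]; leetspeak such as "C0ff33Cup!" breaks the words apart and
    # passes. Assumption: up to two dictionary words counts as "dictionary words",
    # longer concatenations are treated as the passphrases the post recommends.
    tokens = re.findall(r"[A-Z]?[a-z]+|[A-Z]+", pw)
    if tokens and len(tokens) <= 2 and all(t.lower() in wordlist for t in tokens):
        failures.append("made of dictionary words")
    # Rule: no personal information (substring match against known values).
    if any(p in pw for p in personal):
        failures.append("contains personal information")
    return failures
```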
Written by Jason Steuernagel
Jason is the Principal of Momentum Technology Group and works in IT consulting, IT infrastructure design and management, cloud computing, virtualization, and disaster recovery planning and implementation. Click here to see Jason’s profile on LinkedIn.