Buzz Skull . Welcome to the Brutal Buzz, I am IndieVisible and will be your host.

Thursday, April 10, 2014

No, You Shouldn't Change Your Passwords Just Yet

Revelations that 500,000 sites have been deemed vulnerable have sparked suggestions users should change their passwords. Here’s why you shouldn’t do it, at least not yet.

Users who change their passwords before websites update any security vulnerabilities may put their data at more risk.

Heartbleed / Via

An enormous security flaw called Heartbleed that has left more than 500,000 sites vulnerable to attackers has resulted in many commentators suggesting that internet users should change their passwords to any websites that might be at risk. These include the likes of Facebook, Tumblr and Google, according to a list on Mashable.

But internet security experts have said people should not change their passwords just yet. Instead, they should wait until the company sends them a message, such as the one sent by If This Then That on Wednesday night.

A security researcher with Rapid7, Mark Schloesser, told the Guardian that users could leave themselves in a worse situation if they change their passwords before any vulnerabilities are fixed, revealing both their former and new passwords in one go.

He said: "The estimate is that the larger providers all get patched within the next 24-48 hours [Thursday to Friday afternoon] and I would agree that people should change their credentials when a provider has updated their OpenSSL versions."

Trey Ford, also at Rapid7, added that users should avoid entering any sensitive information on vulnerable sites.

This is because the flaw in the SSL keys means an attacker could intercept communication between the user and the server.

Ford said: "Until this is done, attacks may still be able to steal cookies, sessions, passwords, and the key material required to masquerade as the website."

But there are a number of websites that have already updated their security flaws and recommended for users to update their passwords.

Here's a list:

View Entire List ›

via IFTTT Click Here to meet women in your area right now online!
Real Time Web Analytics