Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

Archive

Posts Tagged ‘Heartbleed’
May 21st, 2014

Heartbleed: Almost Everyone Plans to Protect Themselves, but Less than Half of People Actually Have

Have you heard about Heartbleed? Yes? Then you belong to a minority. Following the Heartbleed threat, the bug that took advantage of a vulnerability in OpenSSL, AVAST conducted an online survey with 268,000 respondents worldwide and found that three out of four people were not aware of the the Heartbleed threat, which affected millions of sites and mobile apps.

AVAST then explained Heartbleed to these respondents. When asked if they would change their passwords after checking which sites were affected, nine out of ten said they would take action. This high number is interesting from a psychological standpoint as it shows how people think when initially confronted with a threat. People immediately plan on taking the appropriate measures to protect themselves against future threats, but how many actually follow through with their plans? In reality, less than half of people follow through with their security plans: Only 40% of the respondents who were aware of Heartbleed said they had actually changed their passwords. This number closely matches Pew’s Heartbleed report which found that 39% of Internet users have changed their passwords or canceled accounts.

Heartbleed, free antivirus, password, security

“This kind of thing never affects me”

Many respondents, both those aware and unaware of the threat, said they don’t want to change their passwords because they don’t believe their accounts have been compromised. This makes one wonder if the 41% of respondents who were aware of the threat, but don’t believe they have been affected, either think the media has exaggerated the issue – or if they have a “this kind of thing never affects me” attitude. One in ten respondents believes that the next security breach will happen soon and they therefore don’t see the point in changing their passwords. This laissez-faire attitude could be caused by the fact that many have not seen concrete repercussions of the threat or have not yet been directly notified of the threat by the platforms they use. One of the most concerning facts revealed by the survey is that many people lack the know-how to protect themselves. One in ten respondents hasn’t changed their passwords because they don’t know how to change them. 

Furthermore, almost half of both respondents, aware and unaware of the threat, said they would change their passwords once the affected platforms have implemented patches and informed them of the changes.

Passwords are like keys that protect our sensitive data online, just as locks protect the precious objects in our homes. It is recommendable to stay away from affected sites that have not yet issued patches. Once sites have implemented the necessary fixes, passwords should be changed and strengthened with the same manner of urgency as you would change the locks on your home if you were to lose your keys or if your key were to get stolen.

Use a password manager to protect all of your accounts with ironclad passwords 

Changing and memorizing new passwords over and over again isn’t easy, especially since passwords should consist of at least eight characters – or according to latest recommendations even sixteen or more. They should include a mix of letters, numbers and symbols.

A password manager like our avast! EasyPass helps encrypt and protect personal information online. avast! EasyPass creates strong, random passwords of up to 512 characters and secures your information via military-grade encryption, making password management simple and secure. avast! EasyPass is currently available at a discounted price of  $9.99 a year.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

April 10th, 2014

Do you hate updating your passwords whenever there’s a new hack?

Advice about changing passwords from AVAST.

Change your passwords as a precaution against the Heartbleed bug.

We reported yesterday about the serious Heartbleed  bug which allows hackers to steal encryption keys from nearly two-thirds of all websites.

“This is probably the worst bug discovered this year. We believed in the security of SSL/TLS, and now discover that it comes with a hole that allows anyone to read our personal information such as passwords, cookies or even server’s private keys,” said Jiri Sejtko, Director of the AVAST Virus Lab. “We, as end users, simply can’t do anything, but make sure we are as secure as possible.”

That means changing your passwords. Again.

If just thinking about changing all your passwords makes you want to jump out the window, then here are a few tricks to help make it a little less painful. At the end of this post, we’ll share a tip on how to make password creation, as well as remembering them all, as easy-as-pie. So go all the way to the end. ;)

Why do cybercrooks want your password?

It takes serious effort to hijack accounts, so there must be some payoff at the end for cybercrooks.  Obviously, it’s not to get your vacation photos. Money is the most common motivation. Your money.

There are many ways of turning stolen data into money, but one of them is worth highlighting. Research shows that 55% of us reuse passwords on different sites. It is likely that you use the same password for Facebook  that you use for your bank account.  This means that cybercrooks can steal your money much easier. Never use the same passwords on different sites, especially for really important services.

Password basics

1. Use a random collection of letters (uppercase and lowercase), numbers and symbols

2. Make it 8 characters or longer

3. Create a unique password for every account

Tricks and tips

Maximum password security requires at least seven characters, a mix of upper and lower case, a few symbols, and a sense of humor.

Create an acronym using a meaningful, easy-to-remember piece of information. Use a sentence like My wedding anniversary is 28 December, 2001. That phrase turns into this password, Mwai28/Dec.01.

Many sites require a special symbol like ` ~ ! @ # $ % ^ & * ( ) _ – + = { } [ ] \ | : ; ” ‘ < > , . ? /. Use some of those to replace letters. Your password can be this, M<>ai28/Dec.0!.

Read more…

Categories: General, How to Tags: , ,
April 9th, 2014

Heartbleed affects much of internet. Time to change your passwords again.

Heartbleed security threat scares internetThe security community is buzzing with news of a threat called Heartbleed. The bug reportedly affects nearly two-thirds of all websites, including Yahoo Mail, OKCupid, WeTransfer, and others. The bug takes advantage of a vulnerability in OpenSSL, an open-source protocol used to encrypt vast portions of the web. It allows cybercrooks to steal encryption keys, usernames and passwords, financial data and other sensitive data they have no right to.

In a blog post to their users, Tumblr described it this way,

…that the little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit.

The latest version of OpenSSL fixes the problem and websites are already upgrading.

However, your popular social site, your company’s site, commerce site, hobby site, sites you download software from or even sites run by your government might be using vulnerable OpenSSL, warns Codenomicon on their site about Heartbleed. GitHub compiled a list of sites that are vulnerable, but some may have already been updated. AVAST’s website is safe from the Heartbleed threat.

You can check a site’s vulnerability status at the Heartbleed test site which enables users to enter domains. If a site comes back as an “uh-oh” but doesn’t say “heartbleed” then there may be something else wrong, but it’s not Heartbleed. Update: AVAST’s COO, Ondrek Vlcek recommends this checker, https://www.ssllabs.com/ssltest/analyze.html.

What can you do?

The best advice is to stay away from affected sites for a while. In their report on Heartbleed, Tor advises, “If you need strong anonymity or privacy on the Internet, you might want to stay away from the Internet entirely for the next few days while things settle.”

You need to change your passwords for any vulnerable sites as well. Once affected sites start making the updates, they will most likely advise their customers to change their passwords. Earlier today, Tumblr sent their users a note encouraging them to change passwords to all their online accounts immediately.

“This might be a good day to call in sick and take some time to change your passwords everywhere — especially your high-security services like email, file storage, and banking, which may have been compromised by this bug,” Tumblr said on their blog.

We have written tips about creating strong passwords in the avast! blog. Read My password was stolen. What do I do now? as a reminder.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

Categories: General Tags: , ,