April 2014

Well, that didn’t take long. We didn’t make it out of April and there is already a serious vulnerability that won’t be patched for Windows XP – a serious Internet Explorer flaw. US-CERT, a division of the Department of Homeland Security, has advised US citizens to stop using Internet Explorer until it is fixed, as they could find no practical workaround.

I try to be neutral about such things, but I gave up Internet Explorer long ago for Google Chrome. It’s faster and more stable, and I wouldn’t go back for anything. There are very few sites that won’t work with Chrome so I recommend you check it out.

It’s been a busy month, as I also sent out an advisory a couple of weeks ago about the Heartbleed vulnerability, which affected secure websites.

With Heartbleed, it’s important to note that there have still been no confirmed instances where the vulnerability was successfully exploited, so while a very serious issue, it seems maybe it was caught before real damage was done. However, there are two important steps you should take just to be safe:

1. Change your password on all secure sites
2. DON’T use the same password – each site needs a strong and unique password

I know, I am groaning right along with you. Multiple passwords are a headache. However, the way most of these hacks work is they break into some silly meaningless site where security doesn’t seem to be important. Maybe you signed up for a rewards card or you posted a question in an online support forum. They get your name and password, and then they follow the money – bank sites, shopping sites where your credit card info is saved, financial sites, etc. And guess what – you used the same login and password on one of those sites, I guarantee it.

What I do is I use a strong and unique password on all sites of concern. I do compromise and reuse the same password on many of those other sites, as long as I am sure there is no personal information or financial information attached.

The best way to manage all these passwords is to use a tool like LastPass. It securely manages the passwords for you. I’ll be honest, it is an added risk, because if my LastPass account is ever compromised, I’m in real trouble. But my LastPass vault has over 150 entries – I couldn’t possibly manage without it.

Let me know if you have questions or need any help!