We are not bleeding at LoginRadius
We are happy, your information is safe. We at Loginradius are not using OpenSSL for security and encryption and we are not compromised or affected.
Heart bleed and you
The security bug which was under the carpet identified by Neel Mehta of Google Security, left millions of web companies including Yahoo, Pinterest ,Nasa, Google and billions of users connected to internet under the biggest security threats the Internet has ever seen . For the last 2 years we were using all these services with out noticing the bug and its impact.
If you have logged on to the effected site in the last two years, your account information, cyber criminal can break into your personal information including your password and credit card information etc.
What is heartbleed bug?
“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users.”
How I am affected?
Think that you lost your key set containing your home, office, car and all your secret lockers and bunch of hackers know where is it when you are not home.
Whether you are service provider or web user both the parties are affected and need to make sure safety for next couple of days.
What security measure should I take?
For web providers
– Check whether your site is affected here
– Upgrade your OpenSSL or a security patch can be found here
– If you are affected inform the users and stop user access, it is not negative big companies are affected and doing the same
– Revoke all your SSL Certificates
– Get new SSL Certificates form the vendor
– Post fixing the issue send an email communication to all users to change their password
For Web Users
– Visit here and check whether the site you are accessing is affected
– A list of site affected can be found here and here
– Do not use affected sites
– Clear your cache and browser stored password
– Log out from all auto log-in sites.
– Change the passwords for that site where security path s fixed
Or take a good vacation from the Internet for this week and have more offline networking with people you haven’t met due to social networking.