The Internet has been buzzing with news of the Heartbleed bug
, a serious security flaw in cryptographic software that is used on millions of Internet servers. Sites affected by the bug have been vulnerable to the theft of passwords and other account information.
Which sites were affected?
Affected sites and services included Flickr, Gmail, Netflix, Yahoo (including Yahoo Mail), YouTube, and social networking sites Facebook, Instagram, Pinterest, and Tumblr.
Shopping sites from Amazon, Apple, Target, and Walmart were not
affected. Neither were AOL or Microsoft email services. Most major banks and financial and government services were unaffected.
affected by the Heartbleed bug.
What You Should Do
You should immediately change the passwords for your accounts at all of the affected sites mentioned above, check with other sites you use for announcements, or change your passwords just to be safe.
Three rules for password safety:
- Use strong passwords. Hackers use brute force password-guessing software that can test millions of passwords in a split second, so passwords should be long and contain a mixture of lowercase letters, uppercase letters, digits, and punctuation symbols.
Passwords like "123456" and "abc1234" and "iloveyou" were never good choices, but these days even a password like KidsRTheGr8est will eventually be found by hackers. Passwords should not contain words from the dictionary or personal names or numbers, such as your dog's name or your house number or birth year. The best passwords are completely random strings, like keRx@s0O+ig7*pY7hiEn.
- Change your passwords routinely, not just when there's scary news about security. Need a rule of thumb? Change your passwords (and your smoke alarm batteries) when Daylight Savings Time starts and ends.
- Never use the same password for different services or websites. If somebody guesses your Flickr password they shouldn't also have your online banking password!
When you use very strong passwords they get harder to remember. Nobody can remember a password like keRx@s0O+ig7*pY7hiEn. But you don't have to if you use these tricks:
Security at Marrowforums
- Record your passwords in a safe place rather than trying to remember them all.
- Let websites remember you. For example, if you check the "Remember Me?" checkbox when you log into Marrowforums from your home computer, you won't be prompted for your password again unless you decide to log out.
- Use a password manager, which is software that can generate random passwords and then remember and even type them for you. Password managers include 1Password, KeePass, and LastPass.
We take privacy and security seriously. Most information at Marrowforums
is public, particularly your user name, your posts, and your forum signature, but we do not share or reveal the three types of personal information stored on our server:
- Your email address.
- The date of birth you entered during registration. You can remove this information from your Marrowforums account, if you want, by clicking My Settings, then Edit Profile, and then clearing your date of birth or changing the Privacy drop-down choice.
- The contents of your Private Messages. If you don't want to leave them in the forum system you can empty your mailbox using the instructions we provide.
Even if you don't have a lot of private information to protect at Marrowforums
, it's important to use a strong password and keep your account safe for two reasons:
- Even a small amount of personal information should be yours alone.
- If an unscrupulous person guesses your Marrowforums password, they may log into your account and make posts in your name, or send inappropriate Private Messages, including ad pitches, to other Marrowforums members, who will then blame you.
If you have questions about privacy, security, passwords, or the Heartbleed bug, feel free to post them here.