The News


Heartbleed is a recently discovered vulnerability in a very commonly used encryption library.


Encryption is the process of 'hiding' data that needs to be secured from prying eyes, such as passwords and credit card details.

 


Basically, any website or service you use that requires a logon could possibly be using encryption, and is then very likely to be using the library that is vulnerable. Also, anywhere you enter credit card details will definitely be encrypted.


So any sites you visit that use https:// in the address are possibly vulnerable. (Other service types, such as VPNs, use this encryption as well.)


THE IMPACT: Any time you have used a site with encryption, the data you sent across that secure channel could possibly have been 'sniffed' out - in other words, intercepted during transit between you and the website you were accessing. If that was the case, someone could have a copy of that data, and this would likely include passwords and credit card details. This is what the 'sniffers' would be ultimately seeking out, in any case.

 

So if you have at some time in the last 2 years used a website to transmit credit card details, or you have logged in to a service somewhere, then it is POSSIBLE that someone has those details.

 

HOW DO I KNOW WHAT SITES OR SERVICES WERE AFFECTED?: You won't, necessarily. You would have to ask the administrators of the service in question. As a precaution, it's probably safest to assume that all services were affected, although in reality not all of them were.

 

You can check to see if a service you use is affected right now, however, using this tool:

http://filippo.io/Heartbleed/

 

WHAT YOU SHOULD DO: Changing passwords is ultimately going to be required to ensure that any of your accounts remain secure. BUT because some services may not have patched their servers against this exploit, the password change you perform COULD be 'sniffed' also.

 

The best thing you can do right now IS to change your passwords, but you should be prepared to change them again on a regular basis (weekly would seem reasonable), at least until you are sure each service you use has been patched. IN FACT, any good IT guru will tell you that you should be changing your passwords regularly anyway :) Let this be a lesson to us all!

 

NOW IS A GOOD TIME TO LEARN TO PRODUCE SECURE PASSWORDS!
If you're going to go to the trouble of changing passwords, you may as well take the time to make and memorise something secure.


There are just a few simple guidelines you should follow to create secure passwords, and while this won't protect you from something like Heartbleed, it will prevent other types of attacks from being effective against your accounts:

 

  1. Use at least 8 characters, but the more you use, the more secure your password becomes.
  2. Use a mix of upper and lowercase letters, along with numerals. Using special characters can be helpful too, BUT just note that some systems will not accept special characters in passwords. Use all lowercase if you like, and just be sure to include one capital letter and one number.
  3. DO NOT SPELL OUT WORDS OR NAMES! This is important. A "dictionary attack" could easily reveal your password so the simple principle here is to not spell anything. Replacing the letter 'o' with a zero, the letter 'L' with a number one, and other common replacements are not recommended either - they are most likely included in some hacker's dictionary somewhere. Try to be random with your selection.

 

So to assist with remembering your passwords, you can use a system like the following:

  1. Pick a word or short phrase you will remember, 8+ characters - e.g. albatross
  2. Pick one or two letters to capitalise - e.g. AlbaTross
  3. Now replace at least one lowercase letter with a numeral (be random!) - e.g. AlbaTro7s


That password is pretty secure, but also simple to memorise.
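The three guidelines above can be checked mechanically. The following Python sketch is an added example, not part of the original article; the small wordlist and the substitution table are constructed assumptions, and a real check would load a full dictionary file.

```python
import itertools

# Constructed sample wordlist; a real check would load a large dictionary file.
WORDLIST = {"albatross", "password", "welcome", "dragon", "monkey", "letmein"}

# Common look-alike substitutions and the letters they may stand for (assumed table).
SUBSTITUTIONS = {"0": "o", "1": "li", "3": "e", "4": "a", "5": "s",
                 "7": "t", "@": "a", "$": "s", "!": "i"}


def normalised_variants(password):
    """Yield lowercase readings of the password with substitutions undone."""
    choices = [SUBSTITUTIONS.get(ch, ch) for ch in password.lower()]
    for combo in itertools.product(*choices):
        yield "".join(combo)


def dictionary_hit(password, min_len=4):
    """Return the first wordlist entry spelled out inside the password, or None."""
    for variant in normalised_variants(password):
        for word in sorted(WORDLIST):
            if len(word) >= min_len and word in variant:
                return word
    return None


def check_password(password):
    """Return a list of the guidelines above that the password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no numeral")
    word = dictionary_hit(password)
    if word:
        problems.append(f"spells the dictionary word '{word}'")
    return problems


if __name__ == "__main__":
    for candidate in ["albatross", "A1batr0ss", "Dr4g0n", "AlbaTro7s"]:
        print(candidate, "->", check_password(candidate) or "no guideline broken")
```

An empty result only means none of these specific checks fired against this small wordlist and substitution table.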

 

You can use something like this website to check the strength of your passwords. Keep in mind, this site is pretty thorough in its diagnosis. The above password gets a score of 64%, which doesn't sound all that high, but it's measuring on a pretty large scale. If the 'complexity' is strong, and you have followed all of the above suggestions, you should be secure:

http://www.passwordmeter.com/

 

ANOTHER NOTE ABOUT PASSWORDS: You should avoid using the same password over and over again. It's a good idea to develop several passwords and assign them to different 'levels' of security.

 

LEVEL 1: Use one password for things that are not all that sensitive to you - stuff that will not have a huge impact on your life should someone get access to it.

 

LEVEL 2: Use another password for things that are a little more sensitive, but which would not impact you too badly should someone steal it.

 

LEVEL 3: And finally, designate another password for the stuff you really care about. You should probably have several of these.

 

  • Your level 1 password could probably go unchanged for a good long period.
  • Your level 2 password you would probably want to change each year.
  • And your level 3 passwords, you should get in the habit of changing quarterly.

 

A NOTE ABOUT CREDIT CARD DETAILS: If you're concerned, call your bank and get a new card. You should probably also review all your statements for the last 2 years to check for any unknown transactions.

 

A NOTE FOR WEBSITE OWNERS: If your website uses SSL, you may wish to consider re-generating your private keys and then a new Certificate Signing Request (CSR), and ultimately get a new certificate and install it.

 

 

If you have any concerns, please feel free to contact us.
