Non Vulnerable Websites - Update Your Passwords at These Sites Now

This summary is not available. Please click here to view the post.

Heartbleed Security Flaw and What You Need to Do: Now and Later

As you may have read, a major flaw in a key aspect of overall Internet security has been discovered in the last couple of days. It affects the vast majority of Internet websites. Usernames and passwords may have been stolen. The nature of this particular flaw makes it impossible for anyone to know whether or not an actual theft of information has occurred. This flaw is known as the Heartbleed or SSL bug.

Although a software fix has been issued every website affected by this bug needs to take its own actions to update their software in order to close the breach. You probably will begin to receive emails from websites with whom you do business, advising you that they have upgraded their software.

According to the New York Times:

"Security researchers say it is most important for people to change passwords to sensitive accounts like their online banking, email, file storage and e-commerce accounts, after first making sure that the website involved has addressed the security gap."

Although a pain, it will be a good idea to change all passwords in the near future. If you are not already using a secure password management application on your computer and smart devices, now is an excellent time to consider doing so. I always recommend 1Password.

Again, it is advised at this time to wait and be sure a website has updated itself with regard to the "Heartbleed" or "SSL" bug before changing your password. Look for the e-mail notifications (check your spam folders) or be proactive and visit your key sites to see if they have posted an announcement.

Here is a website that you can use to see if a particular website has been fixed. (I can't swear to it's accuracy, but it is a very helpful site.)

If you are the curious type, here is the official heartbleed.com website offering all kinds of who, what, where when, why and what nexts.

E-Mail Phishing Alert

You probably receive and ignore a few phishing messages in your email every day. In fact, most are pretty easy to spot or are filtered by your SPAM settings. But, here's a fairly sophisticated one that has been making the rounds lately. It's being used to grab your Google credentials.

Be on the lookout for any e-mail that asks you to log into a Google Docs to view something. here.
Remember, if it's legit, you'll always be able to find it by going to the website on your own and the general advice remains the same: Do not click on links in e-mails unless you are absolutely sure of the source of the email and have checked the URL referenced in the link. Read more

White Collar Handyman offers instruction and coaching on how to understand the ins and outs of email.

iOS 7.1 - A Jailbreak Killer!

The iOS7 update looks good for everyone. It even promises a snappier performance for iPhone 4 users. But, it's also a jailbreak killer. And not any old jailbreak killer; those who seem to know say that this update might be "the end of all jailbreaks."

Certainly, each successive update has taken longer and longer to jailbreak. So, if you are really attached to those fun little features that only a jailbreak provides, hold off on the update. Otherwise... as always:

1. Attach the iPhone to your computer.
2. Open iTunes.
3. Click on "Back Up Now."
4. Wait for the backup to finish
5. Click on "Check for update" and then update to 7.1

Your phone will be unusable for about an hour and will need to remain connected to the computer for another few hours, depending on how many apps, pix, music, etc. need to be restored to the device.

There's a patch for that

Apple has released a fix for the SSL bug. Go update your Mavericks Mac now! Here are the details.

And if you haven't updated your phone, do it now. See my previous post.

Update your iDevices, Watch your Macs

The SSL vulnerabilities revealed on Saturday are serious. Everyone with an iPhone, iPad, and iPod Touch should update their devices to the latest OS. That's 7.0.6 for most of you, and 6.1.6 for those of you who won't or can't upgrade to 7.

The very fact that Apple issued an update for 6 tells you that this is important.

Until you can update your iDevices, please turn off WIFI whenever you leave your secure home or secure office network. Right now, I would trust nowhere else.

Even though you can update/upgrade directly over the air on your phone, don't.

Here's the safest way to upgrade/update:

1. Attach the iPhone to your computer.
2. Open iTunes.
3. Click on "Back Up Now."
4. Wait for the backup to finish
5. Click on "Check for update" and then do update to 7.0.6

Your phone will be unusable for about an hour and will need to remain connected to the computer for another few hours, depending on how many apps, pix, music, etc. need to be restored to the device.

If you don't want to upgrade right now, switch off wifi. It is important.

Macs not running Mavericks are OK. People with Mavericks, in addition to avoiding unsecured wifi should:

1. Stop using Safari and Mac Mail.
2. Use the latest Firefox or Chrome.
3. Keep an eye open for an update from Apple; it's coming soon.