66% of the Internet under Threat by Heartbleed Security Bug

Perhaps not as famous or earth-shatteringly threatening as the Y2K virus was supposed to be, a newly discovered security flaw named Heartbleed has still managed to affect 66% (or two thirds) of the Internet, leaving a lot of users to the mercy of hackers.

So, how does this aptly named bug work? First, you’ll have to understand what an important Internet security protocol called OpenSSL is. Every time you attempt to login to a site, all your login information, such as your username and password, is sent to a server by first encrypting it using a protocol called Secure Sockets Layer(SSL). Each software developer implements SSL in a different way. The most commonly used open-source implementation of SSL is OpenSSL, which is used by as much as two-thirds of the websites presently active on the World Wide Web.

Heartbleed is a glitch in OpenSSL that hackers can use to gain access to plain texts from emails, instant messages, passwords, business documents-pretty much anything a user sends to a server that is not properly protected.

Heartbleed had been in existence for over 2 years before anyone with remotely good interests had even noticed it, giving hackers enough time to find and utilize this bug to gain access to valuable user information.

The question always arises “How can Internet users, who don’t know much about systems, protect themselves”? According to most experts, there isn’t much we can really do about it. Matthew Prince, CEO of content delivery network Cloudflare, one of the first businesses to be informed about the existence of such bug, had this to say about normal people protecting themselves:

“When you finish using a website, make sure to actively log out.”This is basically all you can do to prevent your data from being hacked into and losing whatever privacy you had left in the digital world; which although is not much, still reduces the chances of anyone stealing your personal data.”

Although the situation is dire, there is much optimism about this glitch being fixed soon. Almost all major online services are actively trying to fix the problem on their end, since it is such a high-risk affair. Users of Twitter, Facebook, and Youtube don’t have to worry about heartbleed anymore, as these services have patched up their systems; but there are still some high-profile websites who have not done it. These include popular sites such as OKCupid, Flickr, and Yahoo.com among various others who still remain exposed and their users unprotected from hackers thanks to this Heartbleed bug.

Sites which are still vulnerable to the Heartbleed bug should not be logged into until and unless the Heartbleed glitch has been dealt with by the experts. Though some might find this hard due to our current over-reliance on social media, this is the best course to avoid being hacked into. There are websites on the internet that allow you to check whether certain sites have managed to stamp out the Heartbleed glitch in the OpenSSL. But these websites are notoriously unreliable. Therefore, your best bet would be to instead rely on the official twitter feeds or blogs of the vulnerable sites to know how far along they are in the process of getting rid of this flaw in OpenSSL.

Once you have received confirmation that the Heartbleed bug has been dealt with, you can login into your account. But, once you do that, remember to immediately change your login credentials. This way, you can ensure that hackers who had access to your personal data previously, do not possess it any longer.

You can add to your online safety practice by investing in VPN services like Hide My IP, which will give you added protection for your ISP IP address and from apps and programs trying to access it.

4 Ways you Could be Compromising your Security Online

The life of the modern day man revolves around the internet. There is very little that we do that cannot be associated with the internet; from socializing to shopping, to streaming to surfing, internet gobbles up a huge amount of our daily time, energy and money. While there is nothing wrong with this extensive use of the internet, we can never forget the fact that every indulgence comes at a cost, and when it comes to the internet, every piece of information we share on it, makes us a little more vulnerable to cyber crime.

Given the advancement and convenience of technology in this era, cyber criminals can attack unsuspecting victims using something as elementary as your full date of birth. The problem is centered around our average use of the internet, and that, unfortunately, is comprised of us sharing much more of our personal information on social networks, dating sites, and general accounts than just our date of birth.

Financial Security

A prime example of how cyber criminals collect data is monitoring what you share, for example, when you insert your address, your mother’s maiden name, or the name of your pet on any internet platform, you are actually putting your bank accounts at risk. Cyber criminals can make use of this information to establish new loans or credit in your name and, they can access your existing accounts, obtain your medical benefits, tamper with your social security number, and file false tax returns. Some criminals may even resort to pawning off their criminal charges courtesy of your social security number.

A terrifying reality of the extent of theses crimes can be best referenced to an incident involving Yale University. The names and social security numbers of 43,000 faculty members, staff , students and alumni of Yale University were accessed by Hackers. This was done using our most beloved search engine Google.

Physical Security

Financial fraud is a big concern, however, privacy and security in general is at risk every day. The information we share on social media can be security hazards, like when you expose your relationship status; you could be giving stalkers a chance to attack you. Another security hazard includes letting everyone know your whereabouts by checking into locations online.

Checking into a store and updating your status to say you’ll be there for a while or checking into the airport and announcing your vacation, gives thieves a timeframe and the approximate amount of opportunity they will have to overturn your home before you arrive. This is most often seen during the holidays when everyone is posting their gifts; robbers then know exactly what to look for and when you’ll be out.

Compromising your Image

You also have the problem of sharing personal photos. Now it’s okay to let people into your personal lives through photos, but it’s quite unwise to present these photos to people that you cannot or should not trust. Cyber criminals have been known steal photos off of profiles and share them on pornographic sites, use them to make fake dating profiles to dupe other unsuspecting victims, and sell them as stock photos without your knowledge.

Compromising your Job and Clean Record

Last but not the least, revealing information on the internet can actually shed light on your own mistakes and get you in deep trouble. For example, a teacher once got fired because she posted pictures of her drinking. In Europe, a Buckingham Palace guard was promptly terminated as well for using foul language to describe a member of the Royal family. At the extreme end of the spectrum, we have a couple who were arrested for posting pictures of themselves having a rare species of iguana for dinner.

At the end of the day, none of us can survive a day without the internet (or at least that’s what we think). Given how important the internet is to our existence, it is imperative for us to be careful about how we use the internet.

5 Valentine’s Day Security Tips for Online Dating

Valentine’s Day is just around the corner and as usual, the whole population is going to be divided into three parts. First we have the happily committed couples who can’t wait for Valentine’s Day to come around, and then there are the rest of the singles who just want to get the day over with. Finally, the third grouping are those individuals who take advantage of online companionship on dating sites and social networks offered on the internet. Now, while it’s absolutely nothing wrong with finding love online on Valentine’s Day, keep in mind that many people take to the internet to find love or friendship online in exceptionally large percentages on this day, making them targets for cybercriminals.

Cybercriminals use this opportunity to prey on these individuals and take advantage of their emotional loneliness, by pulling of cons or even petty crimes on online dating sites.

Here are five online security tips that you can adhere to so that such scams or cons don’t happen to you.

One for all

There are some scammers who tend to send generic messages to everyone at one time. That is to say, they “broadcast” the message for all to see, which is a method for them to capture the attention os as many victims as they can at one time. The messages are just bait; the “scam” actually occurs after they’ve gathered a list of replies, and those who do, are their targets.

How to spot such a message?

  • If you are contacted online by someone and they make no direct reference to you, then it is likely to be a broadcast message.
  • For instance they won’t mention you by your name, or even address you directly.
  • You can feel the artificial nature of the conversation.

Once you spot them, stay away from them.

Putting A Ring On It?

Its comical knowledge that men tend to run in the other direction when a girl talks about marriage, and women become skeptical when a guy talks about marriage; although not all men and women are like this, Hollywood likes to make a go of this stereotype. But when it comes to online dating, especially on Valentine’s Day, it pays to be skeptical and wary.

If you meet someone online, and they start talking about love, marriage and creating a family with you almost immediately, then you should stop talking to them right away. Finding love online is not impossible, but it requires time to get to know the person and become comfortable with them in order to begin talks about marriage. Valentine’s Day cybercriminals like to reel people in this way in order to victimize the person.

Money Talks

This is the most obvious sign of a con. Whenever someone wants some sort of money from you by giving you whatever reason, just walk away. These people will probably play it slow and let you know about how much suffering they are going through. They might even let you know that he/she can barely pay their bills to gain your sympathy. Once you fall for it, they will ask you to wire some sort of payment to their “secret” accounts. When you are done paying them you’ll never hear from them again.

Delayed Response

While being anonymous on online dating sites is actually kind of helpful, it does become hard to really know if a person is genuinely single or not. Often people in relationships or married couples,  tend to pretend to be single and try to “score” somebody. The quickest way to spot such people is to notice the time it takes them to reply. If they reply at late hours or even days later, then it is likely they are committed to somebody else and are probably having fun with you.

Usually the only time they have to talk online, is when their family or spouse is away, which is almost never if they are living together, hence, how long it takes them to reply.

Reveal only to the good

Online dating sites are open to all. It can and does include con men, convicts, psychopaths and even potential future criminals. For such reasons, never reveal too much personal information, especially your home or work address.

Other information can include the name of the schools or institutions your children attend. Giving out such information will make your children vulnerable if the person you are interacting with turns out to be a criminal. Even if you are meeting this person in the physical world, avoid giving out your address.

Meet up in public places and delay revealing your information until you are sure that the person is actually a good human being. Follow these steps and you’ll be set to find love online on lovers day.

Don’t let Valentine’s Day turn into a disaster. Oh, and don’t forget to buy some flowers.

 5 Ways to Achieve Internet Privacy

Data Breaches on the Rise

Many who may read this title would think the words Internet and privacy don’t necessarily go together in the sense that both are feasible to achieve simultaneously. However, we’ve got 9 steps that you can take to ensure that they are.

1) Cookies- The first step to achieve Internet privacy is simply removing cookies and site data by using private browsing. As many websites are prone to saving your information and IP address to understand the activities for their benefit, this can be quite risky as many of them might use that information without your consent, ultimately leading to the violation of your privacy. Enable private browsing in Internet Explorer, Google Chrome etc, this will avoid the storing of cookies through security features in these browsers.

2) Proxy- Use web proxies such as to hide your IP address. Your IP address can give away much of your information; your location, your browsing activity, your preferences. Enabling proxy settings in your browser will protect your IP address from being tracked.

3) VPN- Different from the proxy settings we discussed above, VPN services are network based protection services you can take advantage of in order to protect your IP address, whereas proxy settings are completely browser based. We discuss this in detail on this post. You should be aware of public WiFi areas and accessing websites that require passwords while using those publix networks. It is also advisable to beware of file sharing in these areas as well.

4) Log Out- Social networking sites and other similar networks track your activities while you are logged in. For advertising purposes for example, Facebook will track the activity you take part in on other open tabs; shopping searches, recent purchases, and recently viewed items online are all cached into your account’s “back office” where programs work to try and provide them with relevant and personally interesting content on their timelines and ads. in the process, your privacy is revoked. So, log out of your accounts before you open new tabs and search online.

5)  Google Yourself- People are increasingly searching their own names online and with good reason. Your information can slip through the cracks of your security measures and land on search engine results and thats something you don’t want. Periodically searching your name will show you any data that may be associated with you that has been leaked. Photos, documents, articles, profiles; often social media sites may automatically set certain things your post to “public”, or you may click it unknowingly. You’ll only know what’s out there if you look for it. Once you find it, you can proceed with removing the data from public databases by using these tips:

Follow these steps and you’ll be closer to keeping your identity safe from predators online and taking back control from “fine-print” terms and condition agreements.

Our Guide to Navigating TOR

When it comes to browsing safely and securely, who can we rely on other than our very own Onion Router (TOR). Internet is becoming the life and soul of modern living; it is also becoming insecure and risky, as large scale surveillances by NSA are taking over. So, to save you from such activities, TOR has come up with a system which is secretly routing your Internet history on other parts of the Internet so that no one can track down your identity or the real source of your browsing.

However, just having TOR installed on your computer won’t guarantee you a safe browsing experience. It is crucial to know how to use it properly, as actions taken within the program can mean the difference between creating a complicated user experience and disabling the program from protecting you altogether.

The Do’s

A few things should be taken into consideration when working with TOR:

  • In order for it to function fully, you should always update your system at all times. TOR is a software fully functioning on top of your operating system, if your system is not fully updated and functional, then hackers can easily take over your computer and disable TOR.
  • Try not to use Windows, as it has certain security bugs and vulnerabilities which might lead to TOR not being able to be fully functional.
  • It should be noted that TOR is only a traffic router, and it will only be able to hide the root of your communication. It can only do this from within your network.
  • The exit nodes of the TOR networks can only read plain unencrypted data; always using end-to-end encryption such as SSL or TLS and using add-ons like HTTPS everywhere is crucial.

Online privacy should be a top priority for any Internet user, so do use TOR, for in this era, no one can be trusted when it comes to internet safety.

There are a few other techniques that need to be performed with TOR,  such as encrypting data storage, disabling flash and java, deleting cookies and local data of the site. Always try to use data protection services so that you are protected from certain threats, as TOR can only hide your Internet’s origin, not the data in your computer.

Software like JavaScript might not be very reliable; they are very powerful and their websites can track you in many ways.

It’s a good idea to try and remove the cookies and site data; websites might have hidden terms or clauses that make it legal for them to store your browsing history on their servers, facilitating their ability to pinpoint your location. If manually doing this becomes a hassle, invest in an add on like self-maintaining cookies and your security is restored!

Things Not to Do

There are a few crucial things you should not do when working with TOR on your computer.

  • Don’t use the TOR browser bundle as it is not at all reliable (FBI has recently taken down Freedom Hosting due to faults in the browser).
  • Avoid P2P, as it is not meant for sharing files; downloading torrent through BitTorrent might prevent TOR from doing its work, (the exit nodes are there to stop the file sharing) and it will make it unable to protect your identity, because the client of the torrent uses your IP address for the tracker and the peers.
  • Lastly, try to avoid Google as it uses the user’s information for the growth of its revenue. Use alternatives such as Startpage and DuckDuckGo, and while you use them and TOR, please don’t give your real email address. As it is your REAL email address,  you will kind of be giving away all your information by yourself.

Try to be safe. Internet safety is of utmost importance in this era, and you never know who is tracking and doing harm to unsuspecting users. Follow these rules, because just installing the software won’t provide a full security experience, much like setting an alarm on your clock but not turning it on, won’t offer a fully functional experience.