Cloud Hosting

;

It's time to change your passwords one again, thanks to a potentially massive data leak.

Its once again time to change your passwords. A bug found in internet infrastructure company Cloudflares software has been leaking personal data including private chat logs and passwords from hundreds of thousands of websites for months.

Cloudflare, which offers hosting and security services to websites, hosts six million sites, including services like Uber, FitBit, OKCupid and password management program 1Password.

READ MORE: Average cost of data breach in Canada is $6.03M, study finds

According to Google researchers who discovered the bug, now known as Cloudbleed, the vulnerability had been sending chunks of data to users browsers when they visited a webpage hosted by the company. The bug may have been active since September 2016, but researchers say it was definitelyfrom February 13 until it was discovered on February 18.

Of the leaked data, researchers said they found private messages from dating sites, full messages from chat services, online password data, frames from adult video sites and hotel booking details.

READ MORE: Canadian Tire admits 5 days after breach customer info may have been accessed

WATCH ABOVE: One of Canadas largest in-store and online retailers has acknowledged it suffered a security breach forcing it to prevent customers from checking their points and credit card accounts. Sean OShea reports.

While the leak has the potential to be very dangerous for web users, the company said there is no evidence the data was accessed by hackers.

Weve seen absolutely no evidence that this has been exploited, Cloudflare Chief Technology Officer John Graham-Cumming told Reuters. Its very unlikely that someone has got this information.

Researchers said about 120,000 webpages were leaking information every day.Graham-Cumming noted the company has been working with Google to remove any sensitive data that may have been indexed by search engines.

The website doesitusecloudflare.com has already been set up, allowing users to search through services they have signed up for to see if they might be affected.

Unfortunately, its unclear just how many web users may have been affected by the Cloudflare bug. While the company has downplayed the severity of the leaked data and fixed the vulnerability itself, security experts warn there could still be fallout for those who use websites run by Cloudflare.

READ MORE: Ransomware on the rise in Canada How to protect your data

While Cloudflares service was rapidly patched to eliminate this bug, data was leaking constantly before this point for months. Some of this data was cached publicly in search engines such as Google, and is being removed, wrote security expert Ryan Lackey in a blog post.

Other data might exist in other caches and services throughout the Internet, and obviously it is impossible to coordinate deletion across all of these locations. There is always the potential someone malicious discovered this vulnerability independently.

Dating site OKCupid said its initial investigation revealed minimal, if any exposure from the bug. 1Password also said none of its data was found to be at risk.

Lackey and others recommend users change their passwords right away, just in case any leaked data fell into the wrong hands.

Cloudflare is behind many of the largest consumer web services (Uber, Fitbit, OKCupid, ), so rather than trying to identify which services are on Cloudflare, the most cautious is use this as an opportunity to rotate ALL passwords on all of your sites, he said.

Security breaches like this one are a good opportunity to be more proactive about the type of passwords you use. For example, stay away from easy-to-guess passwords like 123456 or password as well as easy to guess identifiers, like your dogs name.

Experts say passwords that include a mix of letters, numbers and symbols are more secure but numbers included in a password should never be something easy to guess based on the user. That means your age, the current year, or your address are not good choices. Similarly, the longer the password the better.

Passwords that use up to 10 uppercase and lowercase letters mixed with numbers are proven to be more secure despite being hard to remember.

READ MORE: How to protect yourself from security breaches on social media sites

One tip is to construct a password from a sentence, mix in a few uppercase letters and a number for example, There is no place like home, would become tiNOplh62.

And remember, try not to use the same password for any two accounts.

If the website or service you are using offers two-stepauthentication, experts agree its in your best interest to turn it on.

Two-factor or two-step authentication requires the user to set up their account so that a text message containing a secondary login code is sent to their phone every time they log in to their account. That means a hacker would have to have both your password and your cellphone in order to get access to your accounts.

With files fromReuters

2017Global News, a division of Corus Entertainment Inc.

Follow this link:

What you need to know about 'Cloudbleed,' the latest internet security bug - Globalnews.ca

If youre going to pay for security, its a good idea to pay for a complete package. Previously Emsisoft offered a bundle of its Anti-Malware and Online Armor packages, but has ditched that in favour of this: one integrated suite containing the functionality and protection of both.

It shares the Emsisoft Anti-Malware user interface, and then adds in the core firewall protection from Online Armor. Your money buys you the protection of not just one, but two anti-malware engines (BitDefender alongside Emsisofts own) and offers three layers of protection in the form of a real-time file scanner, zero-day blocker based on suspicious behaviour and a web blocker that prevents you from visiting known unsafe websites.

Emsisoft also comes with an optional PUP module that will alert you whenever potentially unwanted programs like browser toolbars and bundleware try to get on your system.

When it comes to the firewall, while Emsisoft Internet Security includes the same robust engine that powers Online Armor, it utilises a simpler, friendlier UI thats intelligent enough to keep the number of alerts it throws at you to a minimum while keeping you informed as programs attempt to access the internet for the first time after installation.

All of this is wrapped up in a slimline, Windows 10-inspired user interface thats as slick and lightweight as the program itself. Installation is straightforward: enter your license or activate the trial, download the latest updates, choose whether or not to enable PUP protection and then choose your initial scan.

Once set up, click the programs Notification area icon to access the configuration screen. This is split into six sections Overview is self-explanatory, as is Scan, Quarantine (go here to view what files have been blocked and unblock them), Logs and Settings. The Protection tab is the most useful this is where you fine-tune your various protection settings, but for most people these can be left alone.

Delving deep into the program is definitely something for more advanced users, but the fact is that Emsisoft Internet Security will provide protection for any user, whatever their level of technical know-how.

For v2017.2release info (see the changelogfor more):

New: Scanner settings screen which acts as a template for on demand and (new) scheduled scans. Improved: PUP detection in installers. Improved: Program start-up performance. Improved: Integration with Windows Security Center. Improved: Minor improvements related to permissions. Improved: Faster loading of the Behavior Blocker screen. Improved: Minor GUI improvements. Fixed: Issue where missed scheduled scans were not executed.

See the rest here:

Emsisoft Internet Security 2017.2.0.7219 - TechCentral.ie