WEAR - Search Results

The following is an archived video story. The text content of that video story is available below for reference. The original video has been deleted and is no longer available.

How hackers protect themselves from the Heartbleed bug


Websites are racing to protect themselves from the Heartbleed bug.

Heartbleed is probably one of the largest security exposures, at least that I can remember in ten or fifteen years. It impacts almost all of the internet.

David Kennedy, a security researcher and self-described ethical hacker, calls Heartbleed the bug that broke the internet.
"Everybody was affected by this, Facebook was affected, Yahoo was affected, a number of companies we put our information into every day were affected."

And while companies have worked to fix it, the security flaw is untraceable, making it difficult to tell if you've been compromised.
"If you're using the internet for any purpose, there will be an effect."

Robert Hansen, also an ethical hacker, says don't use the same password for different sites.
"In light of Heartbleed, probably the first thing you should do is go to a search engine and type in Heartbleed check. And if you're going to do business with a website, type in that website's name into that form and see whether it is or isn't vulnerable to Heartbleed."

How do the hackers keep themselves safe?

"There's things like two factor authentication, things that allow you to have to enter a password and then something else. For example, Gmail has this built in automatically."

Laurie: You're an ethical hacker so you know a lot about how people hack. Take me through your browsing history. When you go to Facebook, when you go to Twitter, when you check your e-mail.

David: I don't actually know any of my passwords inside of my head. I only know one password. My passwords are literally between 32 and 50 characters long. They're completely unique to where you're never going to be able to guess them.

Kennedy keeps his passwords stored in something called a password vault. Programs like KeePass and one pass for Mac are built for this.

Daniel: Passwords themselves are pretty much a legacy of an old way of thinking. We need to move to other technologies, for instance biometrics is a great one. It's definitely possible from a technology perspective to say 'hey I want to log into Gmail,' swipe your finger, verifies who you are and now you're logged into Gmail, not have to remember passwords and it's tied to this.

The iPhone 5S and the Galaxy S5 now have fingerprint scanners, but both systems have been beaten by hackers.
More advanced biometrics could provide greater security, things like identity by voice or even your heartbeat.

For now, the internet remains vulnerable, and the ones who know it best take extreme precautions.
"I'm always in private mode, which means that when I close my browser, the cache and cookies are removed. All ads are removed. All tracking systems are disabled. The list goes on and on."