Business Consumer Alliance Blog

Heartbleed Bug: Your Sensitive Data Is At Risk

A major flaw was recently discovered in the security of the World Wide Web.  This flaw is so serious that it even has Internet security firms worried.  The vulnerability has been found in OpenSSL, the open-source software package used by many websites to encrypt web communications. The flaw allows attackers to eavesdrop on and steal information that is normally protected by SSL/TLS encryption, which is used to protect e-mail communications, instant messaging (IM), web applications and some virtual private networks (VPNs).
 
It's been dubbed the Heartbleed Bug and if you use the Internet for online banking, checking email or e-commerce, you could be affected either directly or indirectly.  Your passwords, private communications and even credit card information could be compromised due to this bug.
 
The Heartbleed Bug was jointly discovered by a team of security engineers at Codenomicon and Neel Mehta of Google Security.  It affects many websites on the Internet, including popular social media sites, commerce sites, online banks, email services and even websites run by the government.
 
“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software,” as stated on their website, which explains the bug.
 
“This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users.”
 
Security experts say that as long as the flawed version of OpenSSL is in use, online activity will remain vulnerable.  The solution is to deploy Fixed OpenSSL.  So just how widespread is this vulnerability?  The website estimates that over 66% of websites and online services on the Internet use the flawed version of OpenSSL.
 
“Operating system vendors and distribution, appliance vendors, independent software vendors have to adopt the fix and notify their users,” according to security experts. “Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use.”
 
Business Consumer Alliance offers the following tips:
  • You can use this free online checker to see if a certain website has the Heartbleed bug.
  • For any sites that require a login and password, you should change your password, but only change it AFTER you've verified that the site is no longer using the flawed version of OpenSSL or that it wasn't affected to begin with.  If you change your password while a website is still running the flawed version, your data remains susceptible to being compromised.
  • Use passwords of eight characters or more with mixed types of characters.
  • If possible, avoid using the same username/password combination for multiple websites.