Is Your Web Security at Risk?
As several news outlets have been reporting this week, a serious bug, Heartbleed, was discovered. The bug affects OpenSSL, which, according to NPR, is "a popular cryptographic library that is used to secure a huge chunk of the Internet's traffic. Even if you have never heard of OpenSSL, chances are, it's helped secure your data in some way.”
A large number of websites (about two-thirds, according to the Associated Press) use OpenSSL and the Heartbleed bug allows the attacker to get access to the websites’ encryption keys that keep your communications with the companies private. This would allow attackers to get access to passwords and credit card numbers, among other things.
NPR breaks down the Heartbleed threat, pointing out a number of important facts:
- There is no way of knowing which websites use OpenSSL, as businesses of all sizes use it, and whether or not they use it isn’t advertised.
- The bug has existed since March 2012, so two years’ worth of communications could potentially be stolen.
- There is no real way to protect oneself, aside from changing passwords and avoiding open Wi-Fi networks.
The New York Times advises web users to wait a day or so before changing passwords on their websites, suggesting, “immediately changing passwords could feed a new password into a website that has not fixed the flaw.”
According to the New York Times, web users will have to sit tight at the moment and wait for individual websites to announce whether or not they have addressed the flaw.
Posted by Jamie Friedlander on Apr 09, 2014