Are Sites You Visit Vulnerable to Heartbleed Security Flaw?

Are Sites You Visit Vulnerable to Heartbleed Security Flaw?

This week it has emerged that a major security flaw at the heart of the internet may have been exposing users' personal information and passwords to hackers for the past two years.
It is not known how widely the bug has been exploited, if at all, but what is clear is that it is one of the biggest security issues to have faced the internet to date. Security expert Brue Schneier described it as "catastrophic". "On the scale of one to 10, this is an 11."
A flaw in the popular OpenSSL software has led millions of people vulnerable to having their banking information, tax files, emails, and other online data exposed. And there's no way to know if someone has accessed your information. Nicknamed "Heartbleed," the "bug" is actually a weakness in OpenSSL's cryptographic software that makes SSL/TLS encryption backfire on computer users. The "https" protocol that is supposed to identify a secure website is actually a signal to hackers that the site is vulnerable to cyber attack. The hackers can then trick a computer's server into sending data stored in its memory.
Google security researcher Neel Mehta was the first to discover Heartbleed, and the weakness was confirmed by internet security firm Codenomicon. Alarmingly, researchers found that the Heartbleed flaw has been in OpenSSL for two years. It is unknown if attacks have been carried out, because exploiting the software loophole leaves no trace. In addition to exposing users' passwords, personal files, and credit card information, hackers can also steal encryption keys-- the code that translates computer-generated nonsense into usable information.
Do I need to change my passwords?
Some security experts are saying that it would be prudent to do so although there is a degree of confusion as to when and if this needs to be done. Many of the large technology firms including Facebook and Google have patched the vulnerability.
Confusingly though Google spokeswoman Dorothy Chou specifically said: "Google users do not need to change their passwords." A source at the firm told the BBC that it patched the vulnerability ahead of the exploit being made public and did not believe that it had been widely used by hackers.
Our advice is to take care of the passwords that are very important to you. Maybe change them now, maybe change them in a week. And if you are worried about your credit cards, check your credit card bills very closely.

53 Moss Road, Banbridge, County Down, Northern Ireland, BT32 3NZ, Tel: +44 (0)28 4065 1009. Copyright EOS IT Solutions 2016. Privacy Policy. Cookie Policy