Heartbleed bug poses security threat

A NEW bug has crawled its way onto the internet, known as he Heartbleed Bug, and it is an extremely serious security breach that affects more than 500 000 websites worldwide.

“It is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the internet. This allows attackers to steal usernames, passwords, bank account information, and credit card numbers,” said Ward 10 councillor Rick Crouch.

Here is what you can do to make sure your information is protected:

-Do not log into accounts from afflicted sites until you’re sure the company has applied the patch. Some websites that appeared to have been affected included Yahoo and OKCupid, though the companies have said their sites are all or partly fixed.

-The natural response is to change all passwords immediately, but it is advised that you first wait for confirmation of a fix because further activity on a vulnerable site could exacerbate the problem.

-If you haven’t done so yet, visit every site that you have an account with to see if it is, or was, vulnerable to the bug. It is also advised that you ensure whether those vulnerable sites have fixed their Heartbleed wounds yet, by updating their security certificates.

-Once you have received confirmation of a security patch, change the passwords of your sensitive accounts first, such as banks and email addresses. Even if you’ve implemented two-factor authentication.

-Keep a close eye on financial statements for the next few days as attackers can access a server’s memory for credit card information. It would be prudent to keep a lookout for unfamiliar charges on your bank statements.

-You should also start using a password manager, such as LastPass or Norton Identity Safe, so that when the next big security issue hits, you’ll know exactly which passwords you’ll need to change.

“Even after following these guidelines, there is still some risk in surfing the web in the wake of the bug. Heartbleed is even known to affect browser cookies; cookies are installed on a users’ computer by websites and are used to track users’ activity on that site, so even if you visit a vulnerable site without logging in, it could be unsafe,” said Crouch.

Although Yahoo was affected by the bug, they have “successfully made appropriate corrections” to the main Yahoo systems: Yahoo Homepage, Search, Mail, Finance, Sports, Food, Tech, Flickr and Tumblr.

Rick Crouch and Associates has tested Facebook, Google, Pinterest and Twitter’s websites and appear to be safe for use at this time.