The recently exposed OpenSSL bug known as “heartbleed” is something that has the entire Internet running scared as it could allow anyone on the internet to possibly uncover names, passwords, credit cards and other content you send to a seemingly secure web site. Now if you’re an IT Nerd like me, you can find technical details here. But for the rest of us, here’s what you need to know.
This bug affects any sites and services running specific versions of the OpenSSL protocol that is used to secure transmissions between your computer and the website. Typically banks and e-commerce sites, and any other site that needs security as was proven by the shutdown this morning of the Canada Revenue Agency website. This bug could have been around for at least 2 years and anyone who exploits this bug could do so without leaving a trace. That’s scary.
Any website could have this issue. You could run this test on your banking website or e-commerce site for example to see if they’ve vulnerable. The word on the street is that thousands of websites could be affected, so chances are you’ll trip over something that has this bug. But that will only give you results as of right now. It is entirely possible that the site could pass this test, but the site was vulnerable in the past and simply fixed it without telling anyone. So the question becomes, how do you protect yourself? The answer sadly is that there isn’t a whole lot that you can do to protect yourself. You could change the passwords on the sites that you use, but if you go that route you should ensure that the issue doesn’t exist on those sites. Other than that, there’s not much that could be done.
Like this:
Like Loading...
Related
This entry was posted on April 9, 2014 at 3:45 pm and is filed under Commentary with tags Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
What You Need To Know About The “Heartbleed” Bug
The recently exposed OpenSSL bug known as “heartbleed” is something that has the entire Internet running scared as it could allow anyone on the internet to possibly uncover names, passwords, credit cards and other content you send to a seemingly secure web site. Now if you’re an IT Nerd like me, you can find technical details here. But for the rest of us, here’s what you need to know.
This bug affects any sites and services running specific versions of the OpenSSL protocol that is used to secure transmissions between your computer and the website. Typically banks and e-commerce sites, and any other site that needs security as was proven by the shutdown this morning of the Canada Revenue Agency website. This bug could have been around for at least 2 years and anyone who exploits this bug could do so without leaving a trace. That’s scary.
Any website could have this issue. You could run this test on your banking website or e-commerce site for example to see if they’ve vulnerable. The word on the street is that thousands of websites could be affected, so chances are you’ll trip over something that has this bug. But that will only give you results as of right now. It is entirely possible that the site could pass this test, but the site was vulnerable in the past and simply fixed it without telling anyone. So the question becomes, how do you protect yourself? The answer sadly is that there isn’t a whole lot that you can do to protect yourself. You could change the passwords on the sites that you use, but if you go that route you should ensure that the issue doesn’t exist on those sites. Other than that, there’s not much that could be done.
Share this:
Like this:
Related
This entry was posted on April 9, 2014 at 3:45 pm and is filed under Commentary with tags Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.