For the past two years a security flaw has gone unnoticed in the technology community and has exposed countless user's personal information to attackers. The bug, named Heartbleed, was discovered and disclosed earlier this week. This bug affects OpenSSL, the Internet's most commonly used crytographic library that is suppose to keep your data secure. With a name like Heartbleed you can expect a powerful bug.
Whether you realize it or not, you have more than likely used OpenSSL in the past two years. Internet companies use the software OpenSSL to provide a blanket of security. Banks, email providers, Amazon, and Google are just a small portion of the companies that offer the protection. Even as I write this post I noticed the lock symbol next to the https address symbolizing it is "protected" by OpenSSL. With most of my banking done online, purchases made through Amazon, and several email accounts with different providers, I definitely feel at risk. Unfortunately, the amount of companies, both big and small, using OpenSSL means it is very hard to tell who is affected or when the issue is fixed for each company. To make matters worse, the bug has been in existence since March 14, 2012, giving attackers ample time to intercept communications and user data.
With the widespread bug making companies race to fix their security flaws, what can the everyday user do for prevention? For now, nothing. Until each individual company patch their software and new SSL keys are generated to them there is little you can do to avoid an attack. Once these two steps are taken care of the best bet is to change your password associated with the company. Try to avoid shared Wi-Fi networks which offer attackers the best access to your communications. By now major sites like Amazon, Yahoo, and Google have secured themselves from the vulnerability but always exercise caution when dealing with sensitive information over the internet.
Related Article: Heartbleed from NPR
No comments:
Post a Comment