Dedicated to Deposits: Deals, Data, and Discussion
Featured Savings Rates
Featured Accounts

Major Online Security Glitch Serious Threat To Online Banking, Other Encryption

Wednesday, April 9, 2014 - 11:58 AM
A significant and far reaching security vulnerability discovered last week in the OpenSSL technology threatens all online encryption, including security measures for online banking. Security analysts are recommending users avoid doing anything sensitive like online banking.

'Heartbleed Bug' puts Web security at risk

The "Heartbleed Bug," as it is known, is a vulnerability in OpenSSL, a technology used to provide encryption of about 66% of all servers on the public Internet.
"The scope of this is immense," said Kevin Bocek, vice president of security strategy and threat intelligence for Venafi, a Salt Lake City cybersecurity company. "And the consequences are still scary. I've talked about this like a 'Mad Max' moment. It's a bit of anarchy right now. Because we don't know right now who has the keys and certificates on the Internet right now."
By running such exploits, a hacker could in just a few seconds download countless emails, passwords, user IDs and much other personal information."It's a very simple script," said Chris Eng, vice president of research at application security testing firm Veracode. "And there's still a lot of websites out there that are vulnerable."
An updated version of OpenSSL has been issued, and sites can use that to fix the bug. In addition to updating OpenSSL, sites will need to update many pieces of their security protocols known as keys and certificates that help them confirm the identity of users.
Tumbler on Tuesday became the latest Website to say it has been hit by the security breach. 
8
me1004me1004373 posts since
Jan 16, 2010
Rep Points: 2,597
1. Wednesday, April 9, 2014 - 5:15 PM
If you're concerned about the vulnerability of your online credentials for banking or shopping, the chances are good that your bank, major online shopping site, and social network (like Facebook - if they use OpenSSL) have already patched the vulnerability. However, if you are concerned, contact your bank (especially) and ask if they have patched the OpenSSL to prevent exposure via the Heartbleed bug.

Heartbleed: What you should know
7
ShorebreakShorebreak2,675 posts since
Apr 6, 2010
Rep Points: 14,527
Reply