As news about the Heartbleed vulnerability becomes available, users are advised that they may wish to change sensitive passwords to be safe.

In a blog post, Trend Micro’s global threat communications manager Christopher Budd offers some facts regarding the problems posed by the Heartbleed bug.

“The Heartbleed vulnerability is a problem that affects SSL, the technology that helps protect your information on the Internet. You’re likely most familiar with SSL when you shop online or enter sensitive information on a site and see the ‘lock’ that tells you your information is protected,” Budd explains.

If this vulnerability is exploited, attackers can undermine a website’s security, enabling them to monitor all communication between a user and the website, as well as decrypt any traffic they have previously collected from the site.

“This means that sensitive information like passwords, credit card information, or other personal information could have been exposed to others without your knowing,” Budd says.

But what can be done about this? Can individuals fix this problem?

“In this case, this isn’t a problem with your computer or devices, it’s a problem that websites have to take care of by fixing SSL on their site,” says Budd.

Budd does not suggest, however, that the public should be left at the mercy of cybercriminals and others who would exploit this flaw. There are several steps that can be taken to mitigate the problem.

Budd’s tips for avoiding trouble from the Heartbleed vulnerability include:
* Make sure you’re running up-to-date security software on all your systems.
* Consider changing passwords on high-value accounts like your webmail account or online financial accounts.
* Watch for suspicious activity of any kind, particularly on your online accounts and your financial accounts.
* Change passwords promptly for sites that recommend you do so.

“This is a huge problem with potential to reach a vast audience that could cause serious security issues for websites and their users,” says Budd. “Cybercriminals have the potential to listen in on communication between websites and their users, as well as imitate a website or a user to rip off critical data and information. That little gold lock has been picked and action and caution are required moving forward to mitigate this problem.”