Yesterday, researches announced a security flaw in OpenSSL, an encryption tool used to transmit secure data over the Internet. Simply put, they found a loophole that makes it possible for hackers to intercept encrypted data including usernames, passwords, uploaded content and even credit card data. This flaw has been in place for over two years, however, it wasn’t discovered until very recently.
What does this mean?
Cracking SSL does not necessarily expose all of your passwords. It means that a hacker could intercept your communications (e.g. from a public Starbucks or Wi-Fi hot spot) and then decrypt the information. In other words, they can catch a login attempt and see your password. From there they can login as you and…voila.
What’s being done about it?
OpenSSL fixed the flaw prior to the announcement yesterday, but service providers still need to update their sites in order to complete the fix. While major sites like Google, Facebook and Amazon have already upgraded their software to fix the bug, other sites may not have upgraded yet.
You may be affected directly or indirectly. According to Netcraft, 66% of websites are powered by technology build around SSL, including social media sites, company websites and government websites.
How to Protect Yourself
We recommend changing your online passwords as a preventative measure. As a general rule, passwords should be changed regularly, either monthly or quarterly. As always, if you notice any suspicious behavior or if you have any questions or concerns at all, please contact us at 216-662-3200 option 1 or [email protected].
For more updates like this, subscribe to our blog.Sources: http://heartbleed.com/ http://www.businessinsider.com/heartbleed-bug-explainer-2014-4 http://news.netcraft.com/archives/2014/04/02/april-2014-web-server-survey.html http://www.pcmag.com/article2/0,2817,2456170,00.asp