Update from Ralph Bristol Morning News - BBB Middle Tennessee can be heard Fridays at 7:35am on the Ralph Bristol Nashville Morning News, WTN 99.7 (FM Radio)
BBB is receiving many consumer inquiries concerning the ‘Heartbleed’ bug, a computer security vulnerability that can reveal the contents of a servers memory and expose consumer private data such as user names, passwords and even credit card information.
Important FACTS FOR CONSUMERS:
- this bug has been active for almost two years and was only recently discovered meaning that attackers can copy a server’s digital keys and use them to impersonate servers to decode communications from the past and potentially, the future
- Two-Thirds of internet websites could be infected
- There are website security services that check and publish whether or not a website service has been patched ( bug was detected and a security ‘patch’ has been installed).
- BBB suggests consumers use CNET.com to see if websites they regularly use are free of problems, or have fixed vulnerabilities.
Cnet.com has published a list of the top 100 websites by name and the following status condition
- Vulnerability Patched, Password Change Recommended
- Was Not Vulnerable
- Awaiting Response
Change your password AFTER confirming that the site is not vulnerable or has patched it’s SSL (Secure Sockets Layer)
- If you update passwords too early, you are putting your new password at risk by exposing additional data this is requested during a password reset process...WAIT UNTIL A SECURITY FIX IS RELEASED and then change all passwords on each account
NOTE: BBB servers do not use Open Source SSL, all of its websites have been checked and found to be free of vulnerabilities BBB.ORG WAS NOT AFFECTED