Heartbleed Bug

  
     
Update from Ralph Bristol Morning News - BBB Middle Tennessee can be heard Fridays at 7:35am on the Ralph Bristol Nashville Morning News, WTN 99.7 (FM Radio)
April 11, 2014

BBB is receiving many consumer inquiries concerning the ‘Heartbleed’ bug, a computer security vulnerability that can reveal the contents of a servers memory and expose consumer private data such as user names, passwords and even credit card information.

Important FACTS FOR CONSUMERS:

  • this bug has been active for almost two years and was only recently discovered meaning that attackers can copy a server’s digital keys and use them to impersonate servers to decode communications from the past and potentially, the future
  • Two-Thirds of  internet websites could be infected
  • There are website security services that check and publish whether or not a website service has been patched ( bug was detected and a security ‘patch’ has been installed).
  • BBB suggests consumers use CNET.com to see if websites they regularly use are free of problems, or have fixed vulnerabilities.   

Cnet.com has published a list of the top 100 websites by name and the following status condition

  •  Vulnerability Patched, Password Change Recommended   
  •  Was Not Vulnerable
  •  Awaiting Response

Change your password AFTER confirming that the site is not vulnerable or has patched it’s SSL (Secure Sockets Layer)

  • If you update passwords too early, you are putting your new password at risk by exposing additional data this is requested during a password reset process...WAIT UNTIL A SECURITY FIX IS RELEASED and then change all passwords on each account

--
NOTE: BBB servers do not use Open Source SSL, all of its websites have been checked and found to be free of vulnerabilities BBB.ORG WAS NOT AFFECTED