Whether through social media, the news or a friend, most people are aware of the recent “Heartbleed” bug, a computer security vulnerability that can reveal the contents of a server’s memory and expose private data such as usernames, passwords and even credit card information. Better Business Bureau (BBB) shares recommendations on what to do to minimize the negative effects of the security threat.
The “Heartbleed” bug is a flaw in the Secure Sockets Layer (SSL) implementation provided by popular open source software called OpenSSL. SSL is the standard security technology that establishes an encrypted link between a user’s web browser and the server where the website is hosted. SSL is used to secure numerous kinds of data transfers, including email, instant messaging, social media and business transactions, and for this reason encryption is essential to Internet security.
The flaw, which was discovered on April 7 but has been in existence for two years, means that attackers can copy a server’s digital keys and use them to impersonate servers to decode communications from the past - and, potentially, the future.
BBB recommends that businesses immediately check whether their website(s) use OpenSSL or are vulnerable. Tech/media website CNET recommends a heartbleed-test tool developed by a cryptography consultant, found at filippo.io/Heartbleed. If a vulnerability exists, businesses should work with their IT department or a computer professional to install a more secure SSL on their websites.
For systems administrators:
Systems administrators should follow the advice of the United States Computer Emergency Readiness Team (US-CERT) found at http://www.us-cert.gov/ncas/alerts/TA14-098A. Information from US-CERT can be applied to systems in other countries.
CNET has also published a list of the top 100 websites affected, updated regularly based on recent vulnerabilities and repairs. Consumers can reference CNET’s list or the heartbleed-test tool previously mentioned to see if websites they regularly use are secure, or if vulnerabilities have been addressed.
It’s also recommended that consumers change passwords on all sites, particularly those that retain personal identifying information. Passwords should be changed after confirming the site is not vulnerable or has fixed its SSL.
The “Stop. Think. Connect.” campaign offers the following suggestions to protect your identity:
BBB’s servers do not use Open Source SSL. All of its websites have been checked and found to be free of vulnerabilities.
About BBB of Central, Northern & Western Arizona
BBB is an unbiased organization that sets and upholds high standards for fair and honest business behavior. In 2014, people turned to BBB more than 165 million times for BBB Business Reviews® on more than 4.7 million businesses and 11,000 charities, all available free at bbb.org. Incorporated locally in 1938, BBB Serving Central, Northern and Western Arizona is supported by over 11,400 BBB Accredited Businesses. Businesses that earn BBB Accreditation contractually agree and adhere to the organization’s high standards of ethical business behavior. BBB provides objective advice, free business reviews and charity reports, and educational information on topics affecting marketplace trust.