CHINA TOPIX

12/22/2024 11:18:41 pm

Make CT Your Homepage

'Heartbleed' Security Flaw Threatens Credit Cards and Passwords on Secure Sites

"Secure" is no longer secure.

That's the consensus after it was discovered that supposedly secure websites --those sporting a padlock icon and the https-colon-double-slash when you open them in your  browser-- have been breached via a security flaw in encryption software.

Websites that begin with https are usually those that deal with eCommerce transactions, online banking sites, email providers and most social media sites.

Like Us on Facebook

The logical conclusion: passwords, credit card data, and other sensitive personal information that people have stored in these sites run the risk of being compromised, if they aren't already.

The advice: change your passwords. Now. Change your passwords now before your heart bleeds over loss of money and online secrets.

Researchers at Google and Finnish security firm Codenomicon discovered the security flaw which they named "Heartbleed".

They say Heartbleed has been around in the last two years, and can be used to stealthily extract data without leaving any trace, but the researchers were not sure if someone has actually used the said security flaw in a hacking attack.

There have been occasional reports, however, of credit card data being used in online purchases unknown to the card owner.

The Heartbleed security breach involves SSL/TLS encryption, but he OpenSSL is said to have been heavily affected by the problem.

Codenomicon says Open SSL is used by both Apache and nginx, the platform used by many websites, email clients, chat software and VPNs.

Thankfully, many big-traffic consumer websites have opted for conservative software and are thus less prone to exposure to the security flaw.

In contrast, the websites that provide smaller but more progressive services have latched on to newer encryption technology, which put them at a higher risk of being victimized by the Heartbleed security flaw.

Researchers said a security fix was released on Monday and urged companies to install the patch.

Social networks Tumblr and Yahoo have stepped up to the plate, with Tumblr assuring its clients that there was no evidence that the social media platform was breached, while Yahoo said it was working double-time to fix any security flaws in its products.

Researchers reiterated their advice to people to change their passwords regularly, and to add a backup mobile number to their account that can be used to verify the user's identity in case problems accessing their account arise due to hacking. 

Real Time Analytics