How this Major Security Flaw Affects You and Your Business
Last week, US authorities warned that the “Heartbleed” bug in OpenSSL affected a broad swath of the Internet, including websites as varied as Google, Facebook and Yahoo. The flaw exposes passwords, credit card numbers and the secret keys used to encrypt information, putting them within reach of hackers.
What Should I Do?
Website operators are scrambling to update their sites to fix the flaw. This entails applying a patch and resetting their encryption keys. To protect yourself, you should change your passwords after a website has fixed the flaw. (Note that NFIB.com has put in the fix for Heartbleed.) For a list of well-known sites that were compromised and have updated their systems, see this Mashable.com chart. If you use OpenSSL on your business website and collect personal data from your customers, you should upgrade to OpenSSL 1.0.1g as soon as possible.
What About My Bank?
The good news is that major banking and investment sites have said they were not affected. These include firms such as Wells Fargo, Bank of America and US Bank. For a list of financial institutions, again consult the Mashable.com chart. You should also check with your individual financial institution to see if it has provided any guidance on the issue.
What About Electronic Payments?
The flaw has compromised the security of electronic payments, and Visa, for example, advises its clients and their agents and merchants to patch all affected systems as soon as possible. If your business uses these kinds of services, you should check with the relevant companies involved and be aware of security notifications from your software vendors.