By now, most people have heard of the Heartbleed Bug. In case you haven’t, Heartbleed is a bug in the OpenSSL encryption standard used by a number of websites on the Internet. The Heartbleed Bug exposes a flaw in OpenSSL version 1.0.1 to 1.0.1f that allows data to be compromised. Two of the more well-known companies utilizing the OpenSSL encryption standard include Facebook and Amazon. According to Codenomicon’s website, the Heartbleed bug “compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”
According to experts, this vulnerability has been in existence since February of 2012. Although websites using OpenSSL are susceptible to the Heartbleed Bug, there is no definitive way to determine if a particular website has been compromised. Many websites have applied patches to OpenSSL. Unfortunately, these patches don’t address data breaches. Therefore, it is recommended that you change your password for websites that may have been compromised. Before doing so, you should verify that the website in question has fixed the bug. If they haven’t, your data could still become compromised. Critical Watch has provided a website that allows you to test if a website is vulnerable to the Heartbleed Bug. Please visit http://heartbleed.criticalwatch.com/ to test a website for vulnerability.
© 2014 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
This advice is not intended or written to be used for, and it cannot be used for, the purpose of avoiding any federal tax penalties that may be imposed, or for promoting, marketing or recommending to another person, any tax related matter.