As we write this, two months after the news broke about the massively critical security risk labeled “Heartbleed”, only about 3% of affected servers have done anything to fix it. That’s scary. Here is how to reduce your risk.
So what is Heartbleed? Heartbleed is the name given to a known “bug” in the encryption process that allowed hackers to trick web servers into serving up confidential data, such as users’ names and passwords. It’s a huge problem that affected many of the web services out there. It’s scary because affected servers still appear to be secure while running their OpenSSL cryptographic software.
The simple way for a customer to be protected from harm is to have a different password for each web site. This may be inconvenient, but so is identity theft.
New solutions are available to help make the password issue less of a hassle. Three that come to mind are 1Password, LastPass and RoboForm. Dashlane is making news as a new startup. Now more and more people are deciding to learn how to use password managers while they still have an identity to protect and money to spend.
But the overarching lesson that we learn from Heartbleed is that one should never, under any circumstance or for any reason, use an online banking password for other websites. If you manage passwords properly, the biggest risk you have with a password breach is that ONE password. The bad guys can’t use that single password to access any other site. It’s an isolated risk, which is risk management at its very core.
By the way, in addition to hijacking a web server’s security certificate, Heartbleed can make “phishing” attempts appear more legitimate. Phishing refers to the practice of tricking people into clicking on a web link that looks like it will go to a legitimate web site but in truth goes to a nefarious web site. Peoples Bank’s online security tool, Rapport by Trusteer, successfully mitigates this threat. If you have not installed this free piece of software, we urge you to do so. It is a great solution for conducting safe, secure online banking transactions with Peoples Bank. See our Online Security page for details and a link to download the software.
To learn more about Heartbleed and find out if a server is affected, browse the links below:
- A pretty good cartoon from xkcd that describes how Heartbleed works.
- Bruce Schneier, security expert. Read to get information on how to test web sites.
- Mashable: Report: 300,000 Websites Are Still Vulnerable to Heartbleed
- Heartbleed Continues to Threaten Internet Security and Consumer Trust by Sara Lozanova on Triple Pundit