Dr. Hayes on Heartbleed
As you may have heard by now, there’s a huge Web vulnerability called Heartbleed out there that can allow an attacker access to the memory of a server or client, including a server’s SSL private keys. What does this mean for those of us that depend on privacy and security in our everyday online interactions? We decided that there would be no one better to ask than Dr. Darren Hayes, Seidenberg’s expert in cyber security. He stated that,
“Heartbleed could be the biggest Web vulnerability ever discovered. The problem is that the vulnerability has been around for two years now, so we have no idea what information could have been stolen from big name companies. Furthermore, the message for customers is problematic because a user cannot rush to change his or her password until the Website has patched their system and purged old keys used to encrypt data. Our confidence in transacting business on banking and retail sites and checking our email with well-known service providers has essentially been shattered. Hopefully, companies will keep their customers updated on what is happening and inform their customers on best practices for security.”
It’s important for users to change their passwords on sites that have been approved. There are lists, such as this one on CNET, that state which sites are safe and which could still be vulnerable. Take the weekend to sort through your accounts to make sure your information is secure.