A major security alert that affects most website services including banks, email and social media sites, has been announced after security researchers discovered a security flaw called “Heartbleed”, according to an April 9 report in “The Washington Post”.
“Heartbleed” is a security flaw that reveals user names, passwords, transations and private data to any hacker who knows how to take advantage of this security flaw. It doesn't matter if you surf the web on your iPad, iPhone, iPod Touch, Mac, PC or Android phone—the “Heartbleed” security flaw is in the websites, not in the iPad, iPhone, iPod Touch, Mac, PC or Android browsers that access them.
Specifically, “Heartbleed” is a security flaw in the millions of websites that use SSL, or Secure Socket Layer. SSL is meant to keep communications and data transfers between your computer (or iPad or whatever device that you're using to access the Internet) and a website's server private and safe. Banking, credit card and insurance websites are some examples of websites that use SSL. Any websites that lets users purchase items with credit cards also use SSL.
SSL software comes in different varieties—each with the same purpose—to protect your private transactions and communications. It is the most popularly used variety of SSL, called “Open SSL” that has the “Heartbleed” security flaw.
The scary part is that there is no way to tell if a hacker has been able to see your data through the “Heartbleed” security flaw. Also, other than logging out of a website after a user is done with it, there isn't much that web users can do about this “Heartbleed” security flaw. This is because the “Heartbleed” security problem exists on web servers. Web servers are huge computers that power websites. When you log on to Amazon for instance, you are logging on to Amazon's server.
Web companies are working to install an update to a new version of SSL software, which will solve the problem. Most major websites that use SSL should be fixed soon. Yahoo, for example, has announced that while Yahoo was vulnerable to a “Heartbleed” attack, it has now been patched.
Users can see which websites are still vulnerable to the “Heartbleed” security flaw—and which sites have corrected “Heartbleed”--by visiting this “Heartbleed” test website created by an Italian crypotonographer, although this test is not 100 percent accurate.
Once the website is fixed and no longer vulnerable to “Heartbleed”, users should change the password that they use to log in to that site.
If you enjoy this article about the new, major security alert warning about how most website services are affected by 'Heartbleed', comment and subscribe. Thanks!
Check these out: