A major online security vulnerability could put your personal information at risk. This flaw in the security software that is used by millions of websites has been dubbed “Heartbleed” and could expose users’ passwords, credit card information, and emails.  Here is what you need to know about it.

Heartbleed is a defect in OpenSSL, which is an open-source encryption technology that is used by about two-thirds of Web servers.  This is used in many HTTPS sites that collect personal and financial information, including banks, emails, and social media sites, and this bug could be used to exploit this sort of information by cybercriminals.  CNN says it has actually been around since March 2012 but was only discovered last week.  Before you begin to panic, a solution has been discovered and many websites, like SmartFile, have already been updated.  But, because this has been around for such a long period of time, it is advised that you still change your passwords for any account that may use OpenSSL, including SmartFile.

There is a very good chance that most people will not be affected by this bug, but it is important to stay safe, especially when it come to your financial information.  If have any questions, go to Heartbleed.com.  This site was put up by Codenomicon, the security firm that discovered Heartbleed.

image credit: Codenomicon

Related Posts

About Thomas Budnik

I am the Marketing Intern at SmartFile. I manage all marketing aspects of the SmartFile brand, including social media, blogging, competitor research, and infographic creation.

2 thoughts on “Protect Yourself from Heartbleed Bug”

  1. “There is a very good chance that most people will not be affected by this bug”
    However, if anyone has collected someones encrypted web traffic over a period of time now has access to all of that information. Since the Heartbleed bug allowed for attackers to compromise SSL certificates, the attacker now only needs to decrypt the traffic using the recovered certificate.

    Patching web servers against Heartbleed is only half of the solution. SSL certificates must be revoked and reissued after the patch, as the previous certificate could be compromised. It is also important to invalidate all session keys and cookies, as sessions may be hijacked.

Leave a Reply

Your email address will not be published. Required fields are marked *