The Heartbleed Bug — Commentary by Paul Hill

by Cooper Smith – Business Insider

A major flaw in the popular OpenSSL software library, which many Internet companies use to encrypt sensitive data, could leave online shoppers vulnerable to credit card theft. “Potentially everything is at risk,” said Paul Hill, a senior consultant at SystemExperts, IT compliance and security consultancy. After learning about the bug, Amazon, eBay, Etsy, and other major online retailers began testing their systems to find out whether they are at risk. (Internet Retailer)

THREE THINGS TO KNOW ABOUT HEARTBLEED: Here are the top three things to know about the bug:

What kind of data can Heartbleed expose?

Essentially, any data stored on or received through a website’s servers, including account passwords, credit card and transaction data, and personal information.

How does it work?

Using the “heartbeat” communication link that keeps a secure connection active, attackers can trick a server into responding with a block of data-containing system memory. The attack can be repeated until desired information, including the server’s encryption key, is obtained.

Is my website vulnerable?

You can test your site’s current vulnerability by entering the domain name into this tool. Unfortunately, there is no way to determine if a server has been attacked in the past using Heartbleed, but only websites that use a security protocol called OpenSSL would have been affected.

Read more: