El Paso, TX (KDBC) — Better Business Bureau (BBB) warns the public to safeguard private information against the “Heartbleed” security threat.
The Heartbleed bug is a computer security vulnerability that can reveal the contents of a server’s memory and expose private data such as usernames, passwords and even credit card information.
The Heartbleed bug exploits a flaw in the secure sockets layer (SSL) of popular open source software called OpenSSL.
SSL is the standard security technology that establishes an encrypted link between a user’s web browser and the server where a website is hosted.
It is used to secure numerous kinds of data transfers, including email, instant messaging, social media and business transactions. Encryption is essential to Internet security.
The flaw, discovered on April 7, but apparently in existence for two years, means attackers can copy a server’s digital keys and use them to impersonate servers to decode communications from the past and potentially, the future.
BBB recommends that businesses immediately check to see if their website(s) use Open SSL or have been vulnerable.
One way to check, recommended by tech/media website CNET, is a tool developed by a cryptography consultant. If vulnerability exists, businesses should work with their IT department or computer professional to install a more secure SSL on their websites.
Systems administrators should follow the advice of the U.S. Computer Emergency Response Team (US-CERT).
Although this information comes from the U.S. government, it is applicable to systems in other countries.
BBB also suggests choosing passwords that are phrases (for instance, ilovetofish) and making each letter O into a zero to make the password more complex.
Look into password management software to help you keep track of “long and strong” passwords.
BBB’s servers do not use Open Source SSL. All of its websites have been checked and found to be free of vulnerabilities.