Locks and Security News: your weekly locks and security industry newsletter
17th April 2024 Issue no. 701

Your industry news - first

We strongly recommend viewing Locks and Security News full size in your web browser. Click our masthead above to visit our website version.

Heartbleed explained

As far as the Heartbleed SSL bug is concerned, it exists in the OpenSSL software that is used for secure web communication in the majority (at least 65%) of secure sites (those with a prefix of https:// where your browser will display a closed padlock during access).

The bug could be exploited by a hacker to obtain the private key for the site and hence decrypt all secure communication including logon information and passwords. The bug has existed for several years but there is no evidence of any exploitation (although access through the bug is not logged so they cannot be totally certain, there are no reports of passwords being used en mass in mysterious circumstances).

The fundamental advice seems to be to change all of your web based passwords (after the site has patched the OpenSSL software) for web sites (particularly banking), email and file storage but this is also seen by many experts as overkill since it is rated as low to medium risk. If you're worried, check that the site is no longer vulnerable and then change your password but you don't need to panic.

16th April 2014