If you have not heard of Heartbleed bug by now, you probably should now! Since Monday (7th April 2014) after the Heartbleed bug was announced by Google Researcher and a Finnish Security firm, Codenomicon, website owners around the world are getting into immediate action to fix the problem.
You see, this Heartbleed thingy is non ordinary bug as it impact two third of the websites around the world. Following are some details regarding the bug that I've gathered online :
1. What is Heartbleed?
It is a security flaw(bug) that plagued 2/3 of the websites that are using the OpenSSL (Open Source encryption) technology. i.e. those sites with URL begins with "https" and a padlock icon. With this bug, the cyber-criminals can steal your personal data e.g. passwords, credit card details etc. without a trace.
2. When was the Heartbleed started?
According to the report, it started more than two years ago i.e. since March 2012.
3. What Need to Be Done To Fix The Bug?
It is a tricky and time consuming one. In fact, to fix the bug, both the site owner and user (which is you) need to take some action.
For the website owner : They need to upgrade to the patched version of OpenSSL
For the user (which is you) : You need to change your password
Note : According to the expert, if you change the password before the site is being upgrade with the patched version, your new password credentials is still vulnerable,hence, there is no need to rush into password changing frenzy.
4. How Real Is The Threat?
From the online-security point of view, this is a serious security risk but there is no way to identify/quantified the actual risks since attack (if any) are untraceable.
As individual investor, I believed most of us are trading online and are dealing with money transactions, hence, it is important for us to be more alert of such threat. If your broker/trading partner asked you to change your password credential and citing Heartbleed as a reason, you might jolly well do so ;-)
Cheers!
No comments:
Post a Comment