Two (Essential) "Heartbleed" Solutions

Last fall, we learned via Edward Snowden that the NSA has cracked most of the Internet encryption protocols we take for granted.

As we put it in our virtual pages seven months ago today: “That little padlock symbol in the corner of your Web browser that you see when you check your Yahoo mail? Or when you log into your bank’s website to balance your checkbook? Doesn’t really mean anything. The NSA can get in there.”

As it turns out, the NSA wasn’t alone…

IT departments around the world are furiously patching their systems today, hoping to stamp out a bug called “Heartbleed.”

Researchers at Google and the cybersecurity firm Codenomicon uncovered it on Monday. Heartbleed takes advantage of a two-year-old flaw within OpenSSL — a set of encryption tools used on two-thirds of the world’s Web servers.

“Websites increasingly use encryption to mask data such as usernames, passwords and credit card numbers,” explains The Wall Street Journal. “That prevents a hacker lurking at a coffee shop from grabbing personal information out of the air as it travels to a wireless router… When a website is using these forms of encryption, a padlock appears with the Web address in a browser.”

If the Web server is infested with the Heartbleed bug, it can wind up storing important data — i.e., your passwords — unprotected. Hackers can grab it… and then impersonate the website of your bank, Web email provider, etc., the next time you try to log on.

Yeah, it’s bad.

But misery loves company: OpenSSL is so widespread, both the Pentagon and Homeland Security rely on it. Heh…

What can you do about it? Three things…

First, don’t panic. Just because a site is/was vulnerable is no guarantee your data were stolen.

Second, don’t go changing all your passwords until you’re sure 1) there’s been a problem and 2) it’s been fixed. “Security experts suggest waiting for confirmation of a fix,” according to CNET, “because further activity on a vulnerable site could exacerbate the problem.”


Curious about a site? You can plug in the URL here and get an instant report. If you’re curious about us, it confirms Agora Financial is good to go. (Our crack IT team was on the case early and had things fixed even before the news went viral yesterday afternoon…)

Cheers,

Dave Gonigam
for The Daily Reckoning

Bonus Solution: Get cracking on cybersecurity investing. “The data corruption problem is global and getting worse by the month,” says the DR’s Byron King. “Our government and other foreign governments will be spending like crazy on security measures.”

Codenomicon, the firm that helped Google discover Heartbleed, is privately held, so that’s a nonstarter. But several other firms working the same space are public… and with the market pulling back, they’re attractively priced.

You can learn more about it by signing up for the email version of the Daily Reckoning. By simply reading articles like this on our site you miss the additional content we reserve for subscribed readers. It takes just a second to do… and then you’ll never miss a beat. Click here to subscribe now.
