Heartbleed security bug leaves consumers vulnerable

LITTLE ROCK, Ark. (KTHV) - Millions of people are wondering what they can do to protect their passwords, credit card numbers and other personal information after news of another lapse in internet security.

The problem stems from encryption software called OpenSSL. On many websites, usernames, passwords, credit card numbers, home addresses, phone numbers and other kinds of personal information can be stolen.

Dr. Mengjun Xie, an assistant professor of computer science at UALR, says Heartbleed is different from other computer viruses because it doesn't target individual users and computers. Instead, Heartbleed is a bug in the software used to run internet servers, so even changing your passwords for various websites won't protect you unless those sites have updated their servers with the fixed version.

"The weak point is the server itself," said Xie. "Even if you change your password the attacker can still probe into the server and get your new password."

"If you choose a new password now and then the site fixes the problem you're just going to have to choose another new password in a couple of days when they implement the fix," added CNET Senior Writer Seth Rosenblatt. "I would stay away from your banking site. I would stay away from your bank's mobile app as well."

As many as two-thirds of websites may be vulnerable to attacks. It's those websites' responsibility to ensure security for their users, but until that happens many experts warn against making any transactions online, including via your phone.

One tip from the experts is to use a website checker such as Lastpass.com/heartbleed to see whether sites are vulnerable or not. And a lot of major websites like Google, Facebook, YouTube, Yahoo and Twitter say they have already fixed the bug.

