Between Microsoft ending support for XP and OpenSSL having a major code fault, the web has been abuzz about security. The problem with the OpenSSL vulnerability (called Heartbleed by Google) is that the issue has been there for 2 years, but researchers on the right side of the law have only just found it. The wrong side could have been exploiting this vulnerability for over two years now.
The problem is that this is not a simple software update that can be sent out and installed en masse. It is much more complex. Each SSL certificate has its own encryption key, making it more secure as data passes over it. To fix this, the SSL certificate must be revoked, reissued and re-installed, none of which can happen in an instant. In the meantime, people have no way of knowing whether their service provider has completed the process. From what we know as of this posting, major websites such as Google, Facebook, Yahoo and Amazon have said they've taken steps to secure their sites.
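One partial signal for the reissue step is the certificate's issue date. The sketch below is an added example, not from the original post: it classifies a certificate by whether its notBefore date falls on or after the disclosure date. The 7 April 2014 cutoff, the function names and the sample certificates are assumptions made for this example.

```python
import socket
import ssl
from datetime import datetime, timezone

# Assumption (not stated in the post): public disclosure on 7 April 2014.
DISCLOSURE = datetime(2014, 4, 7, tzinfo=timezone.utc)

def issued_at(cert):
    """Return the certificate's notBefore as a UTC datetime."""
    seconds = ssl.cert_time_to_seconds(cert["notBefore"])
    return datetime.fromtimestamp(seconds, tz=timezone.utc)

def reissue_status(cert, cutoff=DISCLOSURE):
    """Classify a getpeercert()-style dict against the cutoff date."""
    if "notBefore" not in cert:
        # getpeercert() returns {} when the peer certificate was not validated.
        return "unknown"
    return "reissued" if issued_at(cert) >= cutoff else "not-reissued"

def fetch_cert(host, port=443, timeout=5.0):
    """Fetch the validated leaf certificate of a live site (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample data in the format getpeercert() returns.
SAMPLES = {
    "shop.example": {"notBefore": "Jan 15 00:00:00 2013 GMT"},
    "mail.example": {"notBefore": "Apr  9 12:00:00 2014 GMT"},
    "unvalidated.example": {},
}

def report(certs):
    """Map each site name to its reissue status."""
    return {name: reissue_status(cert) for name, cert in certs.items()}

if __name__ == "__main__":
    for name, status in report(SAMPLES).items():
        print(f"{name}: {status}")
```

A "reissued" result only shows a new issue date. It does not show that the old certificate was revoked, that the private key was changed, or that the server's OpenSSL was updated.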
"A major online security vulnerability dubbed "Heartbleed" could put your personal information at risk, including passwords, credit card information and e-mails."
"Smaller online stores and services use OpenSSL, and those sites might take longer to make the necessary fixes. Websites don't typically publicize whether they're using OpenSSL, so the process will also be bumpy for consumers." -CNN
For more go to:
http://www.cnn.com/2014/04/08/tech/web/heartbleed-openssl/index.html?hpt=hp_t2
Mashable has put together a great video explanation as well as a running list of companies that have made the updates required to address Heartbleed. Until a company has made the update, changing your password there can mean the new password is compromised as well. Read the list to see if it is time for you to update your password at your vendor sites.
http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
Google has also put up an FAQ webpage at http://heartbleed.com/