Heartbleed virus: Local officials urge caution online
About two-thirds of the Internet is vulnerable to security leaks with the presence of Heartbleed, a bug that has left a gaping hole in one of the most common Internet coding softwares, and Internet users are advised to remain vigilant when logging into their online accounts.
The bug, which affects OpenSSL-the most commonly used coding software to protect the Internet-allows anyone to view, and if they desire exploit, the information stored by a computer’s networking system.
Experts say that any site that uses higher-quality security coding, like banks and accounts where money is involved, are not likely to be affected. If they are, the only thing users can do to help is to monitor logins and keep information private.
“Often times, vulnerabilities like this are designed to exploit what was designed to protect us,” said Jerry Bradford, chief information officer for the Washington County Career Center. “Locally, it can affect any user that has an account with any organization affected by the software.”
Technical analysts have compiled lists of affected popular websites, which include Facebook, Google, Yahoo and TurboTax, all of which use the popular OpenSSL software.
Most banks, which use multi-layer security to protect account information, have not been left vulnerable, nor have other higher-security sites like Apple, Amazon and Paypal.
Though most banks have not been impacted, the Federal Financial Institutions Examination Council released a statement Thursday saying that it expects “financial institutions to incorporate patches on systems and services, applications, and appliances using OpenSSL and upgrade systems as soon as possible to address the vulnerability.”
Every security question, extra password and roadblock a user faces when doing online banking contributes to most banks’ immunity from the Heartbleed bug.
“When a customer logs in, behind the scenes there’s a lot going on, and there’s many different factors designed to raise a red flag if something does not seem secure,” said Jeff Welch, senior vice president of Settlers Bank in Marietta. “Generally speaking, banks have more in terms of security, but that doesn’t mean customers should stop paying attention.”
Welch said the bank has gotten several calls in regards to the Heartbleed bug with customers concerned about security, and he encourages everyone to talk to their bank directly.
“This has not been the first security threat and it won’t be the last,” he said. “Customers, users, surfers, need to be careful with login identity and credentials.”
Bradford said to look for websites that contain a padlock symbol somewhere on the page, which means that its network has been encrypted further than surface level security and is most likely safe.
“They need to make sure everything looks right, and everything looks normal,” he said. “Following links from emails can look like it comes from one source but it really comes from another one, and that’s where you become vulnerable.”
Settlers Bank requires all users to change their online banking password every six months, and many other banks require similar changes with different time frames.
Peoples Bank also requires a password changes every 90 to 100 days, but Executive Vice President Rick Stafford said the bank’s high-level security system has also protected it from being affected by the bug.
“We just reinforce appropriate safeguards with our customers; making sure their virus software is updated, browsers are updated and passwords are complex,” he said. “So far though, our call center has not received any concerns about it.”
Operating systems have been releasing patches for clients to use on their sites throughout April, a fix that Bradford said is up to the company to use to improve vulnerabilities.
Bradford said another problem most people face is the reluctance to protect passwords.
“As long as you keep the bad guys guessing, you’re doing your part as a user and that’s all you can do, but most people don’t,” he said. “Use random characters, symbols and numbers and change them more often. This makes the vulnerabilities less of an annoyance.”
Mark Burnett, a security consultant and researcher who specializes in hardening Microsoft Windows-based servers and networks, reported in 2013 that 91 percent of passwords used on the Internet come from a pool of only 1,000 passwords.
Bradford said right now, changing passwords might not mean that your information is automatically secure again, but still changing it frequently will help assure that the information cannot be stored as long.
“If you’re changing it every 90 days, the likelihood you have a problem will be reduced greatly,” he said.