Tech company: Change passwords or suffer ‘Heartbleed’
MANILA, Philippines – An international computer security company issued an advisory to the public Wednesday about the “Heartbleed Bug” that can compromise the security of a person’s online accounts.
Trend Micro advised the public to change the passwords of their email accounts and financial accounts, watch for suspicious activity on their accounts, and ensure they have updated security software on their computers.
The Heartbleed Bug is a vulnerability that has recently been found on the technology, called Secure Sockets Layer (SSL), that protects private documents on the internet.
The Open Source SSL, or OpenSSL, is used by a wide range of websites and software including email servers, chat servers, virtual private networks (VPNs), network appliances, and even mobile apps and OS, Trend Micro said.
“The Heartbleed vulnerability is a problem that affects SSL. You encounter SSL most likely when you shop online or enter sensitive information on a site and see the ‘lock’ that tells you your information is protected,” Paul Oliviera, TrendLabs Security Focus Lead, said in the advisory.
Attackers can use the security vulnerability to go through the security of a website allowing them to see all communications between a user and the website.
“This means that sensitive information like private keys, passwords, credit card information, or other personal information could have been exposed to others multiple times without your knowledge and consent,” Oliveria said.
Trend Micro said that because of the wide usage of SSL, it is reasonable to assume that the Heartbleed bug is present in many systems, thus making the scope of this vulnerability wide.