There is a serious security hole, dubbed “Heartbleed,” has been identified in “OpenSSL,” which provides secure connection services on thousands of servers across the world. This hole could potentially allow hackers to steal passwords, log in names, and secure data from your websites!
Sources report that this vulnerability is due to a small coding error. A Google researcher and independent security firm in Finland discovered it last week, but reported that this problem has been present for more than two years. This is unsettling since OpenSSL is used for holding a secure connection between the user with their credit card or personal information and the online store that product is being purchased from.
Many major websites like Google, Facebook, Amazon, and more have stated that they’ve taken steps to secure their sites. In fact, security researchers demonstrated this vulnerability by stealing Yahoo email logins last week. No worries to those using Yahoo or Tumblr. Yahoo reports they have fixed that issue.
Those using OpenSSL must take action by upgrading their websites to the recently patched version of OpenSSL, revoke compromised SSL certificates and issue new certificates.
This is not just an issue for major websites. This affects us all. Smaller online stores using this service are affected as well.
The hosting company that I use to build my clients’ websites has announced that ALL their servers are SECURE! They have an Alert Systems Team in place. This team identified the threat and took immediate steps to quash the threat. The now report,
“All our servers have been fully updated to close this security hole and protect your sensitive data.”
Anytime you hear of a security breach to any website that you use, I strongly recommended that you change your password.