Studies have shown that a high-risk security bug, known as “Heartbleed”, has affected 66% of the web. Not only does this bug affect thousands of websites and many businesses around the world, but it has been around for a couple of years without being noticed. To make matters even worse, websites are not the only things being affected. Equipment used to connect the web is also affected. Cisco Systems Inc. and Juniper Networks Inc., two of the nation’s largest manufacturers of network equipment, stated that some of their products contain the Heartbleed bug. Beyond these companies, Heartbleed can also be found in some email server software, as well as in software that runs Internet-connected devices such as webcams and smartphones.
The smartphones most affected by the Heartbleed bug are Android devices. To check whether your Android phone has been affected, go to the “Settings” menu on your phone and open the “About Phone” section. If your device’s version is 4.1.1 Jelly Bean, then your smartphone might be susceptible to the Heartbleed bug. As for iPhones, iPads, and Macs, Apple has confirmed that all of them are safe from the bug.
The bug specifically affects a security protocol called SSL (Secure Sockets Layer). Every time someone logs into a website using a username and password, the information that is typed is sent to that website’s server. That information is not sent as plain text that anyone can read; it is encrypted using SSL. As with most protocols, different software makers have created their own implementations of SSL, and the most common is known as OpenSSL. It is so common that nearly two-thirds of websites use OpenSSL. Heartbleed is a bug in OpenSSL’s implementation of this security protocol.
OpenSSL was created in the 1990s, and is used by so many websites because it is extremely difficult to write encryption code. The problem is that, even though it is so prevalent in Internet security, the software is written and maintained by only a couple of people who live in Europe, along with a few other contributors. Most of the programmers cannot constantly review the OpenSSL code because of the other jobs they hold during the day. They don’t have the time to look for every flaw and don’t have enough funds to pay someone to do it.
Heartbleed could allow hackers access to very important information, including passwords to important websites, credit card data, and Social Security numbers. Some major websites that have admitted to being affected and have begun working to remove the bug are Facebook, Google, Amazon, and Yahoo.
These security breaches have led businesses to prepare for certain damages by taking out cyber liability insurance cover. As with other events that can lead to losses of great value, it is important to be insured because the event puts those insured at risk, it will draw government and regulatory attention, and quick action will diminish further losses. However, the difference in these circumstances is that with natural disasters such as rain or hail, the insurer understands and knows exactly what he is losing. With the Heartbleed security breach, insurers may not be aware whether they are being affected or how much they are losing.
What you need to do is determine whether the sites you have been using are in fact using OpenSSL. If so, then the website has been vulnerable to the Heartbleed bug and may have been affected. These websites should not be used until Heartbleed has been effectively removed from their OpenSSL software. Checking the website’s blogs or Twitter accounts will keep you updated. Also, changing your passwords for these websites is a must.