Many of you undoubtedly will remember the infamous Heartbleed bug which I warned you about last April. Heartbleed was the name of a long standing security flaw in the OpenSSL encryption security technology used throughout the Internet. Eventually, this flaw was patched, but not before hackers and identity thieves exploited it to attack websites for purposes of identity theft. Open SSL encryption security technology is used by about 2/3 of the websites on the Internet. An indication that the website you are communicating with uses OpenSSL is the presence of the tiny padlock icon next to the website address. Another indication of the use of OpenSSL being used is the letter “s” appearing after the initial “http” at the beginning of a website address. The padlock and the “s” indicated to people communicating with websites that your communications were encrypted and safe from hackers. Now we have just learned about newly discovered flaws in Open SSL which can be exploited by hackers and identity thieves, but at nowhere near the scale of the vulnerability formerly presented by Heartbleed. The flaws were discovered recently by David Ramos of Stanford University who smartly withheld making his discovery public until server administrators had the opportunity to come up with the necessary security patches to plug these holes. The Department of Homeland Security has just released an advisory that provides security patches and updates for multiple OpenSSL related flaws. We as consumers will not need to do anything, but administrators of servers that use OpenSSL for websites, email and other purposes should install the new patches as soon as possible.
For those interested or those affected here is a link to the Department of Homeland Security’s advisory which, in turn contains link to the security updates. https://mail.aol.com/webmail-std/en-us/suite
This is not anything unusual. In fact, I predicted this would happen in my predictions for 2015 in a column I wrote at the end of 2014 in USA Today. Here is a link to that column. http://www.usatoday.com/story/money/personalfinance/2014/12/20/cyber-hack-data-breach/20601043/