FindLaw's Common Law

Consumer protection legal news from FindLaw.com.




December 2014

Sun Mon Tue Wed Thu Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31      

FindLaw Blogs


FindLaw Blotter
Free Enterprise
Injured
Law & Daily Life


If you're looking for information on common law marriage, please visit the Common Law Marriage section on FindLaw.

« Top 5 Legal Tips for a Pawn Shop Loan | Main | 15 Online Behaviors That Make You Vulnerable to Scams »

What Is the 'Heartbleed' Security Flaw? What Should You Do?

An online security flaw called "Heartbleed" has made many of the most popular websites vulnerable to data breach and left consumers uneasy.

What exactly is Heartbleed, and what can you do to protect yourself?

Heartbleed Cracks the SSL Lock

The Heartbleed flaw is a vulnerability in the open-source OpenSSL encryption technology used by many of your favorite websites. SSL is a popular Internet security protocol that allows Web surfers to make a secure connection with sites in order to send sensitive data.

Sites that use SSL to create secure connections are indicated by an "s" after the "http" in the address, as well as a small "padlock" icon in the address bar. But according to CNN, the Heartbleed flaw allows cybercriminals to crack this "lock," giving them access to personal data as well and possibly impersonate a secure site.

One of the largest sites affected by the Heartbleed flaw was Yahoo, and Yahoo Mail usernames and passwords were vulnerable to theft as a result, reports CNET. Yahoo has since reported that it has corrected the problem across its various sites (including Tumblr and Flickr), but vulnerabilities may still remain.

Tech consultant Filippo Valsorda has created a "Heartbleed test" to determine if your favorite sites are vulnerable to this security flaw, which initially revealed issues with sites like OkCupid and Imgur.

Protecting Your Data

You may receive a notice from a compromised site explaining the details of their security changes and how you should proceed. Steve Lohr of The New York Times notes that simply changing passwords will not help if the Heartbleed flaw has not been addressed.

Users should wait until they receive confirmation that their favorite sites have been fixed, and should avoid logging on to those sites until then. If you are worried about smaller businesses that may have your sensitive data, like small vendors or banks, contact them and request an update about the Heartbleed flaw.

While you wait for these sites to get their security ducks in a row, this would be a good time to review your own password practices to make sure you aren't leaving yourself vulnerable.

Related Resources:

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451609d69e201a73da5beec970d

Listed below are links to weblogs that reference What Is the 'Heartbleed' Security Flaw? What Should You Do?:



Subscribe



Archives




Common Law Vanguard Panel

The following firms have assisted the FindLaw editorial team in identifying emerging trends in consumer protection law and topics of importance to readers of this blog: