|The days of constant computer viruses and bugs seemed to be over, as internet users and service providers have learned how to decipher and secure systems against vulnerabilities. However, it turns out that a major security flaw has slipped by for two years without anyone noticing — and it could easily empty your bank account.
Discovered independently by Google researcher Neel Mehta and the security firm Codenomicon, the bug — officially known as CVE-2014-0160 — has been nicknamed the “Heartbleed” virus, due to its means of imitating and threatening the security of digital heartbeats.
This vulnerability applies to encryption software OpenSSL, a popular data standard used by most websites that provides secure data transmission. Think any website where you have personal information stored, such as credit cards, social security numbers, your bank account information, or your address and phone number.
According to a Netcraft web server survey, out of nearly 959 million websites, 66 percent are powered by technology using the SSL standard, not including email, chat services or apps.
How Does the Heartbleed Vulnerability Affect Security?
When you’re on a secure website, there are protective measures in place that go beyond providing a password or typing in a security code.
Encryption is built into these sites, making it so any computer incorrectly receiving the information will be transmitted jumbled data. As a means of checking that a computer is at the other end of a secure connection, a computer can send out a small packet of data that asks for a reply, known as a heartbeat.
The Heartbleed bug is a vulnerability that threatens the security of a heartbeat. Mehta and researchers at Codenomicon found that it was possible to send a imitation packet of data to trick the receiving computer into sending data stored in its memory. This code leaves no trace and can even give hackers access to cryptographic keys — allowing them to impersonate or monitor servers.
What Does the Heartbleed Bug Mean To Your Finances?
This virus could compromise all of the personal information you’ve ever shared with a server, such as usernames, passwords and uploaded content. For example, information provided online for a loan, online shopping, tax filing, property applications or medial histories could all be at risk.
And a server can maintain a vast amount of information for an extended amount of time, meaning that even your old bank, medical provider or online shopping destinations could still have your information and could be a threat to your savings account. Essentially, all the security in your online activity could be moot.
The old adage was to only bank with secure https websites; however, that no longer applies, as this virus attacks computer servers. It’s safe for consumers to assume that their personal information has been compromised. It’s recommended that secure-website users update and improve their passwords at this time.