
Dangerous New Internet Security Bug You Need to Know About

A serious flaw has been detected in the Internet’s key security method, the trusted https:// that indicates a site is secure.

“The flaw was discovered by a team of Finnish security experts and researchers at Google last week,” according to a New York Times story Tuesday, and may force a wide swath of websites, including banks, Facebook, Yahoo and other password-protected sites, to make changes.

The security breach has been given the name “Heartbleed” because it is a serious bug that leaves no trace. The Finnish researchers working for Codenomicon, a security company in Saratoga, Calif., and security researchers at Google found the “bug in a portion of the OpenSSL protocol—which encrypts sessions between consumer devices and websites—called the “heartbeat” because it pings messages back and forth. The researchers called the bug “Heartbleed.”


To find out if individual sites, such as your bank or email provider, were susceptible to the breach, contact them directly. Many secure sites will be proactively reaching out to consumers in the next day or two, urging them to change their passwords.

A separate article in The New York Times agreed that the flaw underscores the need for consumers to practice good “password hygiene.” It states that in most cases it is best to wait a day or two before changing passwords, to ensure that the affected sites have fixed the bug and that the potential for security leaks has passed.


Companies may not be aware of breaches to their security network because the flaw allows hackers to surreptitiously steal information without leaving a trace of their incursion into the secured sites.

Mark Seiden, an independent security consultant, suggests using a core password with variations to ensure variety, and therefore increase security, across a wide range of password-protected sites. “For example, Mr. Seiden said, you pick the second and third letter of a service, to avoid being obvious. If the service is Yahoo, the letters are ‘a’ and ‘h.’ Those are added at the front or back of your core password, or one letter at the front and the other at the back.”



