By Mintimer Avila |Online Editor|
An estimated two-thirds of the Internet may be at risk, as people’s passwords, email and credit card information could potentially be out in the open due to a bug found in OpenSSL, software used to encrypt and transmit data, according to CNN.
The bug, named Heartbleed, was the result of a bad line of code that was overlooked and made its way into the final version of OpenSSL and into the majority of the Internet.
Website owners can install OpenSSL as a free, open-source method of encrypting data from the user to the website, but due to its wide adoption, the bug is now spread across millions of sites.
Heartbleed was discovered on April 7 by Neel Mehta, a Google engineer, and the Finnish security firm Codenomicon.
When a person attempts to log into a secure website or make a payment online, anyone with adequate knowledge can obtain the secure information that would normally be encrypted, according to arstechnica.com.
The problem may have been present for longer than two years and it is possible that any information processed through OpenSSL during this time may have been subject to eavesdropping, according to CNN.
“The danger of Heartbleed is that people often use the same password and username throughout various sites. If information was obtained through the vulnerability, that person might become a possible target,” said Dr. Vincent J. Nester, training and leadership coordinator at CSUSB.
Fixing this issue is complicated, as both websites and their users need to work together.
Major companies such as Google, Amazon, Facebook and Yahoo have already taken steps to secure their sites, but they are still advising people to change their passwords in case any information was already obtained.
When asked if there was some way to protect against any future vulnerabilities, Nester said, “People should use a utility so their passwords are kept safe. Windows users should check out LastPass and Apple users should check out either LastPass or Dashlane.”
Software like LastPass can manage users’ passwords online and create a secure password without the user having to do more than click a button.
This prevents the user from getting into the habit of using the same password. They simply have to remember their login for the utility.
It is unclear how much information was obtained, but there are already signs of hackers attempting to use the information.
The Canada Revenue Agency suffered a breach on April 16 that leaked an estimated 900 taxpayers’ Social Security numbers.
Stephen Arthuro, 19 years old, was arrested in his Ontario home, and now faces two counts of computer-related crimes, according to CNN.
The breach resulted in the Agency having to shut down its website and push Canada’s tax return deadline back a week.
Websites need to update their version of OpenSSL to prevent any further eavesdropping.
Users not only need to change their password on the affected site, but also change their passwords on other sites if they are using the same login information repeatedly.
“Students should search online for a list of vulnerable websites and see what passwords need to be changed immediately,” said Nester.
A list can be found on mashable.com and is being updated daily with sites that were affected and recommended actions for users to take.