Heartbleed is particularly dangerous for the banking system

Apr 11, 2014 07:22 GMT

The Heartbleed bug has affected not only websites but also the financial system. US regulators are warning banks to patch their systems quickly to protect against the Heartbleed security bug.

The Federal Financial Institutions Examination Council has sent a warning to banks saying that their networks may have been exposed to hackers, telling them to patch their encryption software and to ask their customers to change their passwords.

Hackers could impersonate bank services or users and try to steal customers’ login credentials, which would lead to serious security problems. They could also access sensitive email or gain access to the banks’ internal networks.

Financial institutions are expected to apply the provided patches to systems, services and applications that use OpenSSL.

“Financial institutions should also consider replacing private keys and X.509 encryption certificates after applying the patch for each service that uses the OpenSSL library. Financial institutions should operate with the assumption that encryption keys used on vulnerable servers are no longer viable for protecting sensitive information and should therefore strongly consider requiring users and administrators to change passwords after applying the OpenSSL patch,” reads the warning from the Council.

The Heartbleed bug was announced earlier this week and the news has been circling the globe ever since. The security bug basically nullified the entire purpose of OpenSSL since hackers could easily get to the unencrypted data, and even steal encryption keys for various servers.

Google, Yahoo and Facebook are among the sites affected, but the list is considerably longer. In fact, about two thirds of the world’s websites are in the same situation since they were using the affected OpenSSL versions.

To make matters worse, the bug has been around since 2012 and in the past two years, it could have been used countless times. It’s impossible to tell whether or not attacks have taken place because such actions don’t leave any traces on the affected servers.

While many were quick to say that this was done with malicious intent, especially given the NSA scandal, the German developer who’s at fault for Heartbleed says that it was a simple programming error in an unfortunate area that affected security.

Internet users are advised to change their passwords since they may have been stolen in possible attacks by hackers or intelligence agencies.