The internet is in uproar over revelations about a vulnerability in the OpenSSL code, and it is believed that 17pc of the internet may be compromised. But this vulnerability, known as Heartbleed, has existed for two years – if hackers weren’t aware of it, they are now, warn the experts.
So, are there any victims of Heartbleed yet?
Williams points out that it is still unknown whether anyone has been a victim of a cyber attack because of the two-year-old vulnerability.
“Those who have found their systems vulnerable are typically following a process of first securing their systems, and THEN notifying users that they should change their passwords – as a precautionary measure. There is no point changing your password NOW on a potentially insecure system if the web site operator has not yet updated their system – the likelihood that still-vulnerable systems are being targeted by attackers has increased exponentially in the last 72 hours since Heartbleed became widely known about and sample attack code was published on the internet.
“Remember that two different security researcher ‘white hats’ found this vulnerability – and it has been in the OpenSSL code for the last two years,” Williams concluded.
“We just don’t know how many, if any, hackers may have discovered and quietly exploited it up to now.”
Should we change our passwords or not?
The big question most users are asking themselves is whether they should change their passwords or adopt a wait-and-see attitude.
“Relying on passwords alone has long been acknowledged as a poor method of user authentication,” says Williams. Two-factor authentication (by means of a security token, SMS text message to the user, or similar) significantly increases security.
“Users who use the same password for multiple systems will obviously have most to fear were an attacker to steal their password from a compromised system. If you have done this, change it today before you have reason to regret it tomorrow…”
“Likewise, changing your online passwords on a regular basis, although it can be tiresome, is a prudent step to enhance your online security,” Williams said.