search widget

‘Heartbleed’ Bug: Most Website are Vulnerable to Hackers. Is Your Information Safe with Quickteller and Others?

Tuesday, April 8, 2014

A Heartbleed vulnerability tester shows Yahoo to be afflicted by the bug, which can reveal passwords and in principle let others create a bogus version of the Web site.
In what experts described as one of the most serious security flaws in recent years, a new finding by researchers found out the presence of a bug called "Heartbleed", in popular software used by millions of web servers, making the data on many major websites vulnerable to hackers.
"Heartbleed" bug was found in OpenSSL, a popular open source cryptographic library used by millions of web servers, according to a finding by researchers with Google Inc and security firm Codenomicon.
The bug can reveal sensitive datas like credit card numbers, usernames and passwords as it can allow internet users to read memory of a server.
"The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs)," according to the website Heartbleed.com.
"The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content," it added.


Many Nigerian Banking firm has internet banking today, including some payment processors who accepts users data for payment processes.
In all, Quickteller.com from InterSwitch is a major one to look out for, as many merchants use them.

Although I've not heard any update from Nigerian banking firms or Quickteller about weather this affects them or not.
But am sure if they are on Open SSL, they are sure vulnerable during the time.

Due to the widespread nature of this vulnerability, I recommend changing your passwords across the web, especially for sensitive sites (Banking, Data storage, Online payment system etc).
For more information on the Heartbleed bug, please visit http://heartbleed.com

UPDATE: A Test from Filippo says Quickteller is unaffected or been fixed.





No comments:

Post a Comment