I-Team: 'Heartbleed' a confusing security threat

April 29, 2014

The popular software used to protect your personal information has been compromised, but that threat is confusing some people.

This not something you should blow off.

Technology experts say that "heartbleed" is widespread and hit 66 percent of all websites over the past two years.

So the I-Team wanted to know what people are doing to stop the bleeding.

Heartbleed. The term comes from the communication between two so-called "hearts" on a server which verify your security as you shop, check e-mails and bank statements. There is now a backdoor break-in between those hearts, and it's bleeding.

"This is a very big vulnerability," said John Miller, Trustwave.

Miller is a security research manager for Chicago's Trustwave, which helps businesses stop cybercrime. He and other experts say heartbleed has been going on for two years, but it was only recently discovered.

It means that the little yellow lock on your trusted sites may not have been working at times.

Now websites and companies must re-secure their "SSL" or secure sockets layer certificates.

"Because of the heart bleed vulnerability those certificates might have been leaked which would allow an attacker to impersonate another company," Miller said.

Not only can your personal information be compromised on legitimate sites, but hackers can now actually create fake sites and fool you into logging in.

"It is actually a pretty massive problem and the interesting part is only half of all consumers only know a little bit about the breach," said Canh Tran, Rippleshot CEO.

Tran works out of the city's "1871," the cutting edge conglomerate of tech startups in the Merchandise Mart.

He's also alerting companies about "heartbleed."

"We are telling companies to fix the back door, and close it and then also monitor the server," Tran said.

As a consumer, you need to check every website where you enter personal information. E mail or call the company and ask if the heart bleed security issues have been patched.

Once you know the upgrade is in place, then you can change all of your passwords. If you change your passwords before the problem is fixed, you can actually put yourself at even greater risk.

Experts say unlike that target breach, there may not be any known victims. Yet.

"In this case, we know that there was a door open," said privacy lawyer Ted Claypoole. "We don't know if anyone broke in or what they took if anything."

Experts are also reminding people not to forget about changing passwords on e-mail accounts.

The consequences could be worse if an attacker breaches those because they may contain even more personal information to dozens of your other accounts.

The good news is, the most popular websites have already been patched.



Copyright © 2023 WLS-TV. All Rights Reserved.