South African internet users are advised to change their passwords on websites, and possibly even those used for their banks or financial institutions, after the discovery of the Heartbleed bug. A check of South African banks revealed that their sites had been fixed or were unaffected by the bug.
The Heartbleed bug bypasses online security protocols, allowing the theft of information that would normally be rendered private by various encryption services. It affects the OpenSSL security software, which is the most widely used in the world.
"On a seriousness scale of one to 10, the Heartbleed bug is a nine or 10," said Altus van Tonder, head of internet security company Entersekt's development unit. "South Africa isn't more or less affected than anywhere else in the world because Heartbleed has affected everyone equally. It is most likely one of the most serious security breaches the Internet has ever seen."
The "best thing to do" would be to change the passwords on websites containing personal information.No way of knowing
"Internet banking is the most important, or any financial institution or website that has your financial information, like credit card details. The scary part is that you don't know if you've been attacked. There is no trace of it. There is no way to know," he said.
Fortunately, a patch for Heartbleed that has already been installed on almost all websites, including those of South Africa's banks, implying that personal information is safe.
However, because the bug is nearly two years old, it is possible that information was stolen before the patch was installed. For this reason, Christo van Gemert, a senior consultant at Meropa Communications, said it was best to change all passwords, not just those with financial implications.
"Gmail, Amazon, Facebook, Instagram and Yahoo! and probably most of the local shopping sites that use online encryption may need a new password to be safe. Why? Because your old password could have been stolen; because if you have any information stored in those accounts, it can be used to clone your identity; because your credit card details might be registered on those accounts," he said.
A website has been created, HeartBleed
that allows anyone to check whether any website has had the patch installed and is secure. A check of the country's online banks showed that they had been "fixed or unaffected", as had Kalahari, Amazon and social networking sites Twitter and Facebook.
Source: Sunday Times via I-Net Bridge