Symantec on Heartbleed OpenSSL vulnerability

Harmeet

USA: Symantec is aware of and currently investigating the OpenSSL vulnerability dubbed Heartbleed, which allows attackers to read the memory of systems using vulnerable versions of the OpenSSL software.

This may disclose secret keys, allowing attackers to decrypt and eavesdrop on SSL-encrypted communications and to impersonate service providers. In addition, other data in memory may be disclosed, including the names and passwords of users or other data stored in memory by the service. Symantec recommends:

For businesses:

* Anyone using OpenSSL 1.0.1 through 1.0.1f should update to the latest fixed version of the software (1.0.1g), or recompile OpenSSL without the heartbeat extension.

* Businesses should also replace the certificate on their web server after moving to a fixed version of OpenSSL.

* Finally, and as a best practice, businesses should also consider resetting end-user passwords that may have been visible in a compromised server's memory.
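To triage hosts against the version range in the first recommendation, the following added example (not part of Symantec's statement) classifies the text printed by `openssl version -a`. The function name and sample banners are constructed for illustration, and the check for `-DOPENSSL_NO_HEARTBEATS` assumes a heartbeat-free rebuild passed that define on the compiler line.

```shell
#!/bin/sh
# Added example: classify `openssl version -a` text against the advisory's range
# (1.0.1 through 1.0.1f affected, 1.0.1g fixed).
LC_ALL=C; export LC_ALL

classify_openssl() {
    # $1 = output of `openssl version -a`; the first line is the version banner.
    ver=$(printf '%s\n' "$1" | sed -n '1s/^OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p')
    [ -n "$ver" ] || { echo "unknown"; return 0; }
    case "$ver" in
        1.0.1|1.0.1[a-f])
            # In range. Assumption: a rebuild without the heartbeat extension
            # shows the define on the "compiler:" line of the output.
            case "$1" in
                *-DOPENSSL_NO_HEARTBEATS*) echo "no-heartbeat" ;;
                *) echo "affected" ;;
            esac ;;
        1.0.1[g-z]) echo "fixed" ;;
        *) echo "outside-range" ;;
    esac
}

# Constructed sample banners (not captured from real hosts).
SAMPLE_VULN='OpenSSL 1.0.1e 11 Feb 2013
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -O3'
SAMPLE_REBUILT='OpenSSL 1.0.1f 6 Jan 2014
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_NO_HEARTBEATS -O3'
SAMPLE_FIXED='OpenSSL 1.0.1g 7 Apr 2014'
SAMPLE_OLD='OpenSSL 0.9.8y 5 Feb 2013'

for s in "$SAMPLE_VULN" "$SAMPLE_REBUILT" "$SAMPLE_FIXED" "$SAMPLE_OLD"; do
    banner=$(printf '%s\n' "$s" | head -n 1)
    printf '%-28s %s\n' "$banner" "$(classify_openssl "$s")"
done
# On a real host: classify_openssl "$(openssl version -a)"
```

Distribution packages can carry a backported fix while still reporting an in-range version string, so an "affected" result should be confirmed against the vendor's package advisory. A result of "fixed" says nothing about whether the certificate and passwords exposed before the upgrade have been replaced.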

For consumers:

* Consumers should be aware that their data could have been seen by a third party if they used a vulnerable service provider.

* Monitor any notices from the vendors you use. Once a vulnerable vendor has communicated to customers that they should change their passwords, users should do so.

* Avoid potential phishing emails from attackers asking you to update your password - to avoid going to an impersonated website, stick with the official site domain.