
The Heartbleed Bug and Secure Online Transactions: Steps You Can Take to Protect Yourself


The good news: you’ve been safe when shopping at musiciansfriend.com all along

Heartbleed Bug
Image: Codenomicon

A cyber security bug has recently been found in OpenSSL, an encryption library used by many websites to protect personal and financial information. Hackers familiar with how the library works have potentially been able to intercept information such as passwords, user names, and other private data. This vulnerability raises a lot of concerns since the bug has been in place for more than two years and has impacted some of the Internet’s largest businesses.

How it works

The Heartbleed bug allows hackers to steal the encryption keys that enable intercepted data to be decoded and read. Using these keys, cyber thieves can potentially intercept secure data being transmitted between users and website servers, undetected and without having to establish a secure connection themselves.

Web security firm Codenomicon has issued a report detailing how the bug can be exploited and what steps should be taken by websites to eliminate future risks. A bug fix has been issued and is being widely implemented. The company’s take on the state of affairs is quite ominous:

Bugs in single software or library come and go and are fixed by new versions. However this bug has left large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitation and attacks leaving no trace this exposure should be taken seriously.

Has your data been compromised?

Given the scope of the Heartbleed bug, it’s quite likely that some of your private data is or has been at risk. As Codenomicon puts it:

You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company's site, commercial site, hobby site, sites you install software from or even sites run by your government might be using vulnerable OpenSSL.

The good news for Musician’s Friend customers

The Musician’s Friend IT department has determined that the version of OpenSSL used on its servers does NOT have the Heartbleed bug vulnerability, and hence your private information has been secure from Heartbleed attacks all along.

How to protect yourself

According to web security experts, it’s probably wise to assume that your online accounts have been compromised. They recommend that you change your passwords, especially on those accounts that have required you to provide personal and financial information. But they also issue a caveat: doing so on sites that still have the Heartbleed vulnerability will not help.

Qualys SSL Labs provides a free online tool with which you can test any company’s website to determine its level of encryption security. The Qualys service provides a letter grade assessment of each site’s security.

Comments  

# Jason 2014-04-12 15:55
Joe,

I am an IT professional and I'm sorry, but you haven't the slightest clue what you're talking about. Not one.

Your IP address has absolutely ZERO to do with this bug. Please follow the suggestions of the paid professionals and keep your completely misguided and technically ignorant misinformation to yourself.

Sincerely,

Someone who does this for a living
# joe 2014-04-10 18:37
If they are 'in' and you change your password, won't they still have it? It would seem they also need your IP address as an 'identifier'. You need to change your IP address as well, I'd presume, BEFORE you change passwords. That can be done simply by cleaning out your unit and then shutting it down. Go to the modem and unplug it and turn it off... take the phone line out if it has one. You have to let it be for a while... the router usually will issue a new IP.