Heartbleed no longer a threat
Published:Sunday | May 4, 2014 | 12:00 AM
The Heartbleed bug, the latest security threat to hit the Internet, should not pose a threat to Jamaican users anymore, as the problem "has now been fixed," says Dean Smith, president of the Jamaica Computer Society.
Before the fix, it would have been pointless to change passwords, but now his advice to Jamaican Internet users is to change all their passwords if they believe their information has been compromised.
The fix "happens automatically", said Smith, so there is no reason for individual sites to put in place their own patch.
The bug was discovered in early April and is believed to have affected more than 500,000 Internet sites.
The Heartbleed bug is a type of vulnerability that allows Internet criminals to steal data from some popular security programs. That data can include secret passwords and other sensitive information. The bug only impacts OpenSSL, which is used by many big-name Internet sites such as Yahoo, Flickr, Tumblr, Google and Facebook, among many others.
Scotiabank said its customers were unaffected.
"We are confident that online banking and mobile banking applications remain safe and secure and that our customers' information remains secure," it said in a statement.
"As part of a normal course of business, Scotiabank actively monitors our networks and continuously conducts routine maintenance to help ensure that online threats do not harm our servers or disrupt service to customers," the statement said.
National Commercial Bank did not respond to a request for comment.
Smith said Heartbleed was "not necessarily only about banking" as the bug had hit a wide range of secure sites which use 'https' precursor to the website address and so could also affect sites using Visa, PayPal or other payment measures, or even sites with personal medical information.
USE OF 'HTTPS'
The use of 'https' is supposed to mean the site is secure. The address carries a padlock icon in the browser, giving some level of assurance to users.
In fact, the protocol and programming behind it contained the Heartbleed bug, which allows hackers to possibly access bits of personal information and passwords from the very site the that users most trusted.
This vulnerability was in existence from about 2011, but was only revealed to the public in early April.
"The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software," says information on the heartbleed.com website dedicated to the bug.
Flow Jamaica and its affiliate Columbus Business Solutions said their operations were unaffected.
"We didn't need to apply any fixes as our technology was not susceptible to it," said Delroy McLean, director of presales at Columbus Business, which provides cloud hosting services.
"In general, customers should reset passwords for websites which were impacted that they may use," McLean said.
He advised that customers take precautions and "should be concerned when visiting/using impacted sites."