Internet Security: The Heartbleed SSL Bug – NMP

Internet Security: The Heartbleed SSL Bug

Kevin Origoni
May 29, 2014

Question: Last month I read about an Internet anomaly called the “Heartbleed SSL bug.” When I discussed this issue with our IT support staff, we were assured that the necessary precautions had been taken in-house to protect our financial applications and our network. However, they mentioned that we should take precautions outside of their purview and change our passwords on all our private email accounts, services and various websites that are popular today. Is this really necessary?

Answer: Yes! Heartbleed is a serious bug discovered across the Internet that has existed for almost two years. This flaw, found in the way secure SSL sites communicate, makes it possible for hackers to capture passwords and even create fake sites that look like the real ones. SSL stands for Secure Sockets Layer, a protocol for managing the security of a transmission on the Internet. Many major sites, such as Facebook, Google, Gmail, Yahoo, Twitter, Apple, GoDaddy, Netflix, YouTube and Dropbox, have been affected. Most of them have since patched the flaw, but your passwords now need to be changed in case they were stolen prior to the fix. A comprehensive list of the affected sites and their reactions has been compiled and can be found at this link.

This is not a virus that is spreading. There is no protection to install on your computer. The only way to be safe is to change your passwords on every online site—and I mean all your passwords!

To increase your security even more, and prevent something like this from happening in the future, we encourage you to use a process called “two-step verification” whenever possible. Also known as “Two-Step Authentication,” it is used on many major sites, such as Gmail, LastPass, Yahoo! Mail, Facebook, Twitter, Dropbox, Evernote, and LinkedIn. An example of two-step authentication, such as the one deployed at Gmail, uses a password and then a second code you enter: entering your password prompts a text message code to be sent to your cell phone, and you respond to the logon prompt with the code that was just sent to you.

As I noted here in an earlier FAQ on Internet Security, remember that your personal computer is the gateway to information that someone else may want.

Kevin Origoni is director/IT and Internet security for Long Beach, N.Y.-based Lenders Compliance Group.