06 May How Heartbleed Vulnerability May Affect Stored Credit Cards
People are distressed about a coding mistake known as Heartbleed, which has derailed security for many online services. There is a lot of confusion and questions as to how it will affect credit card processing and merchant accounts.
Is Heartbleed a Virus?
Heartbleed is an OpenSSL bug, not a virus. It’s an error that occurred in the coding of open source encryption, which potentially allows third parties to eavesdrop on communication or to pull out confidential information. When working properly, OpenSSL protects communication from eavesdropping, but this bug creates a security hole.
It Affects More Than Websites
There is a lot of press about the security breaches occurring on major websites as it causes serious issues for significant amounts of data to be pulled. What people don’t realize is that it also affects other devices, such as laptops, phones and any divide that can get online to connect to other networks.
Does Not Enable Remote Control
Some have been worried that Heartbleed could enable others to control iPhones from remote locations. This so far has not been proven true. The real issue is the possibility of hackers getting access to memory stored on the phones. Most phones have been okay thus far except for the Android 4.1.1., for which Google is releasing patches.
Windows XP Users Won’t Be Affected
There were rumors that XP users would be screwed because Microsoft stated that it would not be supporting Windows XP anymore right around the same time the Heartbleed story surfaced. This may have been a valid concern except for the simple fact that XP doesn’t use OpenSSL.
Major Banks Are Fine
Credit card processing in major banks, such as Wells Fargo and Bank of America, are fine as they do not use OpenSSL. The same is true for major retailers online such as ebay and amazon. Merchant accounts on Paypal are safe as well.
Heartbleed Leaves No Trace
Just because your website or service issued a patch doesn’t mean you’re safe. Heartbleed leaves no trace. If data was stolen before the patch was released you wouldn’t know.
NSA and Heartbleed
Some claim that the NSA has been exploiting the Heartbleed flaw. They deny any awareness of its existence. There is no evidence otherwise.