Security experts are urging consumers to change their Web passwords after the recent disclosure of a vulnerability touching wide swaths of the Internet, even as Google Inc., Facebook Inc. and large banks said they weren't affected.
The flaw to OpenSSL, an open-source software that runs on as many as two-thirds of all active websites, was reported on April 7, by researchers who pushed out a fix. Dubbed Heartbleed, the bug could have allowed hackers to access encrypted e-mail messages, banking information, user names and passwords.
"The one saving grace with this flaw is that it was relatively simple to spot and as a result very simple to fix," Zully Ramzan, chief technology officer of Elastica, a cyber-security firm, wrote in an e-mail yesterday. "That said, OpenSSL is incredibly widespread. It's literally the most popular implementation of SSL on the planet. So any compromise in its security has far reaching implications."
Complete your profile to continue reading and get FREE access to Treasury & Risk, part of your ALM digital membership.
Your access to unlimited Treasury & Risk content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Thought leadership on regulatory changes, economic trends, corporate success stories, and tactical solutions for treasurers, CFOs, risk managers, controllers, and other finance professionals
- Informative weekly newsletter featuring news, analysis, real-world case studies, and other critical content
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the employee benefits and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
Already have an account? Sign In Now
*May exclude premium content© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
