Internet users urged to secure data

Monday 14 Apr 2014

Charles Sturt University IT security expert Dr Tanveer Zia has urged Australian internet users to secure their personal and financial information as attempts are made to fix the Heartbleed Bug.

The bug, an online security vulnerability that could expose the private information of internet users, was found in the OpenSSL encryption protocol currently used by nearly two thirds of all web servers.

"Put simply that means information kept by social networks, financial institutions, government organisations and businesses is at risk, should hackers use this vulnerability to break into these systems," Dr Zia said.

Software security company LastPass has introduced a Heartbleed checker to check whether sites are impacted by the bug, and Dr Zia said the results were worrying.

"To my concern, when I tested websites of major Australian banks the results showed their servers had used OpenSSL and could have been vulnerable to the Heartbleed bug," he said.

"I am sure that result would worry many ordinary users about the security of their financial information."

Many companies affected by the bug are in the process of updating their systems to protect against Heartbleed, but Dr Zia advised users to take precautionary measures to ensure their information is safe.

"An immediate reaction from people would be to change the passwords they use, but changing passwords will not help until the individual sites have patched their security vulnerabilities," he said.

"Technology website CNET has compiled a list of questions and answers for users, and the suggestions there include not logging in to any potentially vulnerable accounts until the company has patched the vulnerability.

"Users should also be vigilant about the confidentiality of their information they have made available to various sites. I would recommend users to remove their financial information from websites unless they are sure those sites have patches in place. This would include removing their banking details from websites which are normally considered to be secure.

"Many free apps and websites lure users for free subscriptions in exchange for personal or financial information. Users should immediately remove their confidential data from such websites. These free apps and websites may not even know about the Heartbleed security vulnerability in their servers."

"People should observe the speed of their computers and be alert for advertising suddenly appearing in their browsers. Slow processing speed and excessive advertising pop-ups can signal that unauthorised software is trying to gain access to the systems. If you suspect your information have been compromised, immediately contact the customer services department of the business in question. 

"Although the primary responsibility to protect the information of customers lies with the online businesses and service providers, it is equally the responsibility of users to be vigilant and aware of who is accessing their data and the purposes for which it is being used."


Media contact: Mark O'Brien, (02) 6365 7813

Media Note:
Contact CSU Media for interviews.