On-line Banking Bug - Heartbleed

[jongleur]

Many of us do our banking on line. What
do you all think about the bug recently
found? It's called the Heartbleed bug and
many news sources recommend waiting a
few days to check your on-line banking,
and then changing all your passwords.
I use about 80 different passwords.

[MarkJ]

Check the servers you connect to with this tool

Test your server for Heartbleed (CVE-2014-0160)

[1000 islands]

Quote:

Originally Posted by MarkJ

Check the servers you connect to with this tool

Test your server for Heartbleed (CVE-2014-0160)

And I trust you to ensure if I click I won't regret it

[Hud3]

The vunerability is specific to OpenSSL. If your bank/financial institution uses another encryption scheme you don't have to worry about Heartbleed.

[jongleur]

The vunerability is specific to OpenSSL. If your bank/financial institution uses another encryption scheme you don't have to worry about Heartbleed.

MarkJ:

Is this what we would find out by clicking on your link?

[BandB]

Honestly, at this point, the potential damage to be done by heartbleed is unknown. It is just known that a huge vulnerability exists. Fact is, however, we're at risk every day and many ways. It's not just online and not just credit or debit cards. Every time you use a card it's exposed. Any time you write a check as well. Anyone can produce a check with all your information and use it locally or online.

It behooves every one to take certain precautions. First, set up alerts on all your accounts to text and email you any large or international or other transaction outside normal parameters. Second, look at your account online regularly, preferably daily, so issues are caught quickly. The banks are prepared and quickly can shut cards down and reissue, shut bank accounts and give a new one. Fraud departments of some work better than others. If you see some random tiny transaction such as a penny on your account, that's someone testing and time to talk to the card company if they haven't contacted you. Be aware of things like heartbleed but also take the same precautions whether or not there's a known issue. It wasn't that long ago it was a huge card processor. Of course Target but also Neiman Marcus. Most of the issues have not come from online usage.

Then add to that regularly changing passwords as big a pain as that is. And one other thing I recommend. Keep minimal amounts in your checking account and do not get overdraft protection. That way if someone does get access they'll be limited in what they get and just get your checking balance, not your savings. And you'll be able to recover the loss from the bank, although might take a little while. My checking account always has very little money. If I was going to write a large check, I'd have to go online first and transfer money to it. Then write.

Bank account and credit information is at risk every day. Identity theft is as well. I'd suggest regularly monitoring your credit report and having some service to notify of new activity. I once had a housekeeper who got nine department store credit cards in my name sent to her at her address. She just said her address had changed and filled out the applications. She only got caught when she was buying a mobile home and right before delivery they called to verify my employment and the HR department knew something wasn't right.

[MarkJ]

Quote:

Originally Posted by jongleur

The vunerability is specific to OpenSSL. If your bank/financial institution uses another encryption scheme you don't have to worry about Heartbleed.

MarkJ:

Is this what we would find out by clicking on your link?

Yes, as far as I know.

So I put my banks website address in and that was fine. Then I put in the internet banking page URL where I put in my password (but i didnt put in my password, of course). Thats the one that starts https not just http.

And it came back with

Quote:

All good, internetbanking.xxxxxxxxxxx.net.au seems fixed or unaffected!

[captainbri]

It is now being reported that the NSA is behind this bug

Sent from my SAMSUNG-SGH-I537 using Cruisers Sailing Forum mobile app

[Tx J]

Quote:

Originally Posted by captainbri

It is now being reported that the NSA is behind this bug

Sent from my SAMSUNG-SGH-I537 using Cruisers Sailing Forum mobile app

IIRC, the NSA has merely been aware of it, has kept quiet about it, and exploited it when it suited them. The NSA seemingly didn't actually originate it. They do engage in their own little adventures though, only some of which we know of.
Worldwide there are hordes of others (so-called "hackers", et al.), both private/non-state and state actors, swimming in the primordial soup of the 'internetz'.