You may have recently read in the news about the Heartbleed bug. We want you to be aware of the Heartbleed bug and actions that may be necessary to secure your data.
What is the Heartbleed Bug?
Heartbleed is a flaw in the open-source encryption standard used by a majority of websites that transmit secure data. Encryption works by making data look like nonsense to anyone but the intended recipient.
Occasionally, one computer might want to check that there is still a computer at the end of its secure connection. This is known as a heartbeat – a small packet of data that asks for a response. Because of a programming error, the researchers found that it was possible to send a well-disguised packet of data that looked like one of these heartbeats to trick the computer at the other end into sending data stored in its memory.
According to the researchers who discovered the flaw, the bug has been in existence for about two years, and using it does not leave a trace. This does not mean that information was compromised, but traditional techniques for determining whether there has been a security beach may not work.
Which Websites Could Be Impacted?
We have researched our website and the status of our vendor websites.
Dowling & Yahnke: Our website, including the portal, are not vulnerable to the Heartbleed bug (we use non-open source encryption technology).
Charles Schwab: Schwab became aware of the Heartbleed Bug vulnerability early last week and began validating the security of their web environments with a focus on checking for this specific vulnerability. Efforts to date have not detected this vulnerability on Schwaballiance.com, Schwab.com, Schwabadvisorcenter.com or any of its vendors. Please note that Charles Schwab offers their Schwab Security Guarantee which states that Schwab will cover 100% of any losses in a client account due to unauthorized activity.
What Should I Do Now?
To determine if a website is vulnerable to the Heartbleed bug, use the following link which provides a dynamic list of popular websites and recommended action:http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/. If a website is not listed, you can check its vulnerability with the following site http://filippo.io/Heartbleed/
Should you change your account login password(s) anyway? While it may not be essential at this time, frankly, it’s never a bad idea – especially if it has been more than 60-90 days since your last update. Routinely changing your financial account passwords several times a year is an excellent and recommended practice, even when the proverbial coast seems clear. If nothing else, this recent event serves as a helpful reminder of the wisdom of this timeless advice.