Liberty Accounts is not affected by the serious vulnerability in OpenSSL discovered earlier this week. Whilst OpenSSL is used by up to two thirds of the internet, Liberty Accounts does not use this tool. We’re fortunate this time but a lot of other SaaS providers haven’t been as lucky.
This vulnerability, referred to as Heartbleed, allows the theft of information that is, under normal conditions, protected by the SSL/TLS encryption used to secure the Internet. The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.
Whilst this is not the first vulnerability involving internet security, and most definitely not the last, it will lead users of online services to reconsider how they can best protect themselves and their data. We at Liberty Accounts would strongly recommend the following:
1. it is good practice to regularly change the passwords that you use online and, although they are often difficult to remember, to try to use a different password for each site that you use;
2. never store any security details in an online database, e.g. some aggregation services (where your data is pulled down from your bank account) require you to store your banking credentials in their online database – DON’T!
Please feel free to contact us for further information.