By Dickinson Mackaman Tyler & Hagen PC
Stop the bleeding: “Heartbleed” bug means Facebook, Google and maybe you aren’t secure

Thursday, April 10, 2014 10:30

(Before It's News)

According to CNet, late on Monday, April 7, 2014, a very serious security vulnerability was revealed that affects websites using OpenSSL. OpenSSL is one implementation of the encryption protocols (SSL/TLS) that try to keep secret the communications that occur between a web browser and a web server. Google, Facebook, and other major web entities all relied on this seemingly secure software. Many online banking sites may face a similar vulnerability.

The vulnerability discovered on Monday renders the security feature ineffective. This could mean that information such as passwords and account numbers is vulnerable to interception.

This blog has previously covered the risks for banks when dealing with corporate accounts. If a bank fails to provide commercially reasonable security procedures, it could ultimately be held responsible for losses experienced by corporate and business customers.

In addition to the potential for corporate account losses, banks have significant exposure for consumer account losses. In the wake of security breaches at Target, banks should already be aware that Regulation E leads to exposure for losses experienced by consumers.

Banks that utilize OpenSSL for their online banking systems should already be in contact with their information technology professionals regarding ways to fix the Heartbleed vulnerability. Banks that don’t know whether they are vulnerable should definitely contact their information technology professionals to find out whether they are at risk.

Even if your bank’s systems are not specifically vulnerable to Heartbleed, there is still reason for concern. With sites like Google and Facebook potentially compromised, banks should recognize that customers and employees may have had their passwords compromised. Despite advice to the contrary, many web users have the same passwords for their email, social media, and banking accounts, so when an email account is compromised all accounts are compromised.

Banks should take this opportunity to remind their employees of best practices, and how important it is to have unique passwords for bank systems. Banks may also want to think about informing consumers about the necessity of updating passwords on a regular basis. Banks should also consult with legal counsel regarding the specific rules for liability for consumer and corporate funds because the rules governing accounts can vary. Banks that dawdle may find themselves compensating a lot of account holders for losses.

For questions regarding web security and liability, you can contact John Lande.



Source: http://www.dickinsonlaw.com/2014/04/stop-the-bleeding-heartbleed-bug-means-facebook-google-and-maybe-you-arent-secure/
