The websites you visit are no longer as secure as you thought. A flaw in the encryption software used throughout the Internet opens the door to hackers—but don’t go changing all your passwords yet.
The problem was discovered Tuesday by Finnish researchers at Google and is reported today in a front-page New York Times story. Although television newscasters are warning that our passwords need to be changed immediately, this may not be the case. Managers at major websites such as Yahoo!, Facebook, and Amazon have been scrambling to close the encryption loopholes with “patches.”
“At Dartmouth, we started working on this issue Tuesday and have identified approximately 47 servers in our data center that will require the patch. This work is being scheduled on a priority basis,” says Dartmouth Chief Information Security Officer Steven Nyman.
He says that for users on the Dartmouth wired network, or Dartmouth Secure wireless, the risk of having traffic and passwords compromised is low. He cautions that all users are still potentially at risk when they visit Internet websites (for shopping, banking, etc.). “Obviously, major companies will be patching for this as well, so the window of exposure going forward shouldn’t be that large,” Nyman says.
Nyman says consumers should be encouraged to change their password once a site has posted notice that it has been patched, thereby severing any links a hacker may have established. In the absence of any further information from a site’s owner, it is still a good idea to make a change, just to be on the safe side, he says.