When it was announced last week that there is a gaping hole in SSL encryption technology, web users and web businesses were understandably a bit freaked out. OpenSSL has long been viewed as the gold standard of anti-crime technology for two-thirds of the web, so it’s no surprise that everybody from Amazon to Tumblr has been rushing to protect their customers, not to mention their bottom line.
When Akamai, one of the web’s biggest network providers, released a patch that it said would fix OpenSSL’s vulnerabilities, the World Wide Web breathed a collective sigh of relief. The problem? As a blog post from Akamai’s CSO Andy Ellis, published on Sunday, states, the patch, once thought to be a panacea, is really only a partial, temporary fix. There are six critical values in OpenSSL that need to be addressed to completely plug the security leak. Akamai’s patch only addresses three.
What’s the Hold-up?
Before ‘Heartbleed’ was discovered, industry analysts expected eCommerce to jump to $1.5 trillion in 2014. However, if this issue with OpenSSL is not fixed and consumer financial information remains vulnerable to cyber-attacks, it stands to reason that confidence in online shopping will take a significant hit. It’s no wonder, then, that many in the industry are wondering just what the hold-up is with getting this issue fixed.
The answer is that the fix is far more complicated than originally thought. On the one hand, webmasters have to make an effort to patch OpenSSL and retrieve new certificates. Facebook, Amazon, and others have already taken this step. On the other hand, once a site has been patched, consumers need to take the extra step of changing their passwords. This second step, the one that requires action by the consumer, is where the issue lies. Many consumers don’t like the hassle of changing their passwords, but even if they’re willing to do so, how do they know when the time is right? The Qualys SSL Server Test is a free tool consumers can use to make sure their favorite sites have properly patched their security.
‘Heartbleed’ Jumps from the Web
Unfortunately, even after big web companies and their consumers have taken the necessary steps to deal with ‘Heartbleed,’ chances are that a huge body of consumers will remain vulnerable. As The Guardian reports, routers, smartphones, and other mobile technologies will remain vulnerable to ‘Heartbleed’ until tech companies make the security of those platforms a priority, something many believe won’t be happening anytime soon. Most, in fact, say that software development companies will leave the majority of mobile platforms and their users vulnerable. For the time being, it seems, web users need to be more vigilant when shopping online.
What do you think of the ‘Heartbleed’ bug? Will it stop you from buying online?