If you are one who transact over the internet or run banking applications on your mobile devices, chances are that you might be affected in a way or two by the Heartbleed bug in OpenSSL.
So what is Heartbleed? According to a BBC report, it’s an OpenSSL vulnerability. OpenSSL is a security protocol that encrypts communications between your computer (or device) and a Web server. As the BBC put it, it’s sort of a “secret handshake at the beginning of a secure conversation.”
“Most websites, many operating systems, and many apps use OpenSSL. It’s everywhere, and one version of it has a critical bug that lets hackers exploit a function known as the “heartbeat option,” which lets a computer (like yours) send a message to an Internet server to make sure they are still connected — think a tap on the shoulder to see if your buddy is still awake. This bug lets attackers send fake heartbeat messages to trick the server into sending back sensitive data like passwords and credit card numbers. Again, it’s very bad.”
If you visit a site beginning with https:// , chances are that this site uses the SSL to secure the transactions.
There are various ways to check if a site is potentially unsafe. Some tools include
https://www.ssllabs.com/ssltest/
We tested a few internet banking sites and they all passed the test. The test returns the message “TLS extension 15 (heartbeat) seems disabled, so your server is probably unaffected”.
OCBC internet.ocbc.com
DBS internet-banking.dbs.com.sg
UOB pib.uob.com.sg
ANZ sgib.anz.com
Citibank www.citibank.com.sg
Maybank sslsecure.maybank.com.sg
CIMB www.cimbclicks.com.sg
HSBC hsbc.com.sg
Anyway, another layer of protection is via the 2FA token. If you feel insecure, it is perhaps time to change your password to a much stronger one with alphanumeric characters.