If you have been paying attention to tech news over the last week or two, it’s hard to avoid reporting on Heartbleed -- the latest super-vulnerability to strike the Internet. This time, the most secure sites out on the Web have been the ones most affected.
Using the Heartbleed “back door,” hackers are able to gain access to information including:-- Usernames and passwords, regardless of the length or complexity of the password. -- Information such as a user’s history on a website and a record of their transactions. -- Potentially, other kinds of identifying information such as Social Security Number. -- Any other private data stored on a server, such as records of messages or emails. Heartbleed has taken the Internet by surprise because it is a vulnerability in the OpenSSL implementation of Secure Socket Layer, the protocol that makes it possible for sites to use encrypted transmission methods. While this does mean that a potentially large number of sites might have been impacted by Heartbleed, there are a number of ways that sites might have avoided being affected. Some of these have more to do with luck than technical skill, but all make a significant difference: 1) Servers Might Have Patched The Bug Already If an online service you use has been affected by Heartbleed, then you will be notified just as soon as the problem has been “patched.” Once the security issue is patched, then it becomes a matter of changing your password and being vigilant for any unusual transactions or behavior. 2) Servers Might Not Use The Specific Feature That Caused The Vulnerability The feature that opens the door to Heartbleed is not a required part of OpenSSL. It is, in fact, an optional feature included in relatively few releases. This feature simply works as a “keep alive” signal that helps maintain connections while a user is logged in and working. 3) Servers Might Have Other Implementations of SSL That Aren’t Affected Heartbleed is specific to OpenSSL. That means that it’s impossible for it to attack sites and servers that use other methods of encryption. All in all, it’s important to understand that the damage is limited. ?Does Heartbleed Affect ACH? At National Processing, we work hard to ensure that your confidential data is protected. That means monitoring and patching vulnerabilities proactively whenever possible. No reports have been made that suggest the Automated Clearinghouse network is vulnerable to Heartbleed. National Processing is working closely with technical experts to ensure that security is maintained across the nationwide matrix of ACH transactions. Whether using checks, credit cards, or Web-based payments, we want to ensure that you and your customers feel secure.