OpenSSL, a form of encryption that is used by many of the world’s leading websites, made the news earlier this year with the well-publicized Heartbleed vulnerability.
Now a new vulnerability, known as a CCS Injection, has emerged that means many websites must again update their servers to keep us protected.
Last week, AVG scanned the servers of 45,000 of the world’s biggest websites (according to ranking site Alexa), around half of which use OpenSSL encryption. Our analysis showed that of these potentially vulnerable sites, 75% are still not protected, leaving as many as 17,000 open to attack.
Why does it matter to Internet users?
As the encryption method used by several popular sites, OpenSSL is responsible for keeping much your data private. As your computers send your personal information such as bank details, credit card numbers, home and email addresses across the web, you’re relying on encryption such as OpenSSL to keep them safe from prying eyes. If there are vulnerabilities in the encryption method, then it’s possible that your sensitive data can be seen by the wrong people.
Is there anything I can do as a user?
While the risk to users is still small as websites continue to patch this vulnerability, we do think it’s really important that AVG users know whether or not their favorite sites are affected by this issue.
That’s why we’ve built additional functionality into our free AVG Web TuneUp product that will inform you with a handy banner whenever you visit a site that could be at risk from a CCS injection.
Here is what the banner looks like:
The decision to use the site is very much up to you. If you decide to go ahead, consider carefully before sharing any of your personal information on that website. It’s also worth noting that if one of your favorite websites has been affected by either Heartbleed or the new attack, it is definitely worth changing your password once that website has been patched, just for extra peace of mind. Visit this blog for information on creating a strong password.
What else can AVG Web TuneUp do for my computer?
AVG Web TuneUp is an easy to use and lightweight browser plugin that can help you get the most out of the Internet while helping to ensure that you stay safe, private and can even help you remove your browsing data at the click of a button.
Web TuneUp will scan every site before you click on it and award it a Site Safety rating of “Safe”, “Risky” or “Dangerous”. That way you can avoid any nasty surprises when you’re surfing the web.
If you are concerned about your privacy, AVG Web TuneUp can help block trackers from ad networks, analytics that monitor your behaviour and even social network tracking.
For more information on AVG Web TuneUp, visit the product page.
June 16, 2014