Clipping of news on Brazilian Culture, Law and Citizenship
22/04/2014
This article was translated by an automatic translation system, and was therefore not reviewed by people.
transparent image
Brasilia 17/04/14 - In recent weeks , was widely publicized the existence of a security flaw that can reach much of the Internet users. The flaw in the system is responsible for communications considered secure ( encrypted ) used in most of the Internet services , OpenSSL , and could allow sensitive information from users of the network are sent to third parties .
In this context , the National Secretary of the Ministry of Consumer Justiaça ( Senacon / MJ ) seeks to clarify some basic issues of consumer interest as well as provide recommendations on how to protect yourself.
What is the security hole Heartbleed ?
Heartbleed is the name given to the security flaw that affects the technology used to ensure protected by the internet in its most common implementation connections , the OpenSSL library . She focuses in particular on the implementation of the mechanism known as the Heartbeat Extension TLS / DTLS protocols ( Transport Layer Security - Transport Layer Security )
This vulnerability allows a breach of security mechanisms for services and Internet services that use OpenSSL applications providers , endangering the users information .
As this failure affects communications and Internet use ?
The security flaw Heartbleed could allow unauthorized access to records systems that protect the vulnerable version of OpenSSL access, allowing , for example ( 1 ) have access to private customer information , such as passwords and user names ; ( 2 ) access the private key used by the server ; ( 3 ) access to the contents of encrypted traffic .
Who was affected? All websites and web applications ?
It was all over the internet that was affected , although this fault is probably the broadest and most significant yet . Were the providers and websites that make use of OpenSSL 1.0.1g to 1.0.1 versions [ 1 ] only affected .
recommendations
1 for the consumer. :
a. Please inform yourself along to service providers that you use to communicate your personal data , in particular their vulnerable data such as banking information , underwear , health , etc. confidential . Request information on ( a) whether the service was affected by the security flaw Heartbleed ; ( b ) What measures are being taken ; ( c ) What can and must be done by the customer himself - as, for example, changing passwords ;
b . Stay tuned for any information supplied by service providers . If no such communication , you can contact through their customer care services for the information listed on the item .
c . Monitor the occurrence of unusual or suspicious activities in their email accounts , social networking , internet banking and other services on the network . If you notice something out of the ordinary , contact your respective service , requesting information on how to proceed ;
c . The Heartbleed failure is not a virus or a malicious program that can be " corrected " instantly only by the user , on your own computer . Unlike a virus , it does not properly housed on a computer , but is an integral part of the system of some . of this communication to other computers through the Internet this way , the consumer should be aware of misleading offers services that address the issue adequately enough ;
f . Stay tuned to emails received requesting password change and / or username . If this communication was not officially used by the service provider , not providing new information to an unknown sender. In particular, avoid following links embedded in email, always preferring to perform the password change service going directly to the site .
g . Consumers who opt to change the passwords for services before an official communication by providers must keep in mind that the password change will be effective only after the solution of the security flaw . Having this statement , the consumer must change your information again.
2 . For providers of Internet service applications
Consumer information it is recommended that the service was either not affected by the security flaw Heartbleed . If so, it is recommended to inform their consumers and customers about the bug fix and security measures to be taken by its consumers .
If the consumer check irregularities in service in the network, it may seek the organs of the National System of Consumer Protection for information and exercise your rights regarding any losses , noting that , whenever there is a consumer relationship , providers , sites and other entities that use the technology subject to failures are jointly and severally liable for damages.
Ministry of Justice
Short facebook.com / JusticaGovBr
www.justica.gov.br
imprensa@mj.gov.br
(61) 2025-3135 / 3315
Source : Ministry of Justice - MJ
Our news are taken in full from our partner sites . For this reason , we can not change their content even in cases of typos .
This article was translated by an automatic translation system, and was therefore not reviewed by people.