Heartbleed SSL failure is a Black Swan Warning to Investors http://t.co/EpOswPSSOi
— Don Martin, CFP® (@DonMartinCFP) April 9, 2014
Mr. Bierer recommended that advisers and clients immediately change their banking passwords and then follow good Internet security guidelines: Passwords should be changed every 90 days, should not be shared and shouldn't be re-used for different websites.
Bill Winterberg, founder of FPPad, a technology consulting firm for financial advisers, agreed with the potential dangers of Heartbleed.
Calling it “bad news,” Mr. Winterberg said anyone who uses Internet services has potential vulnerability to the bug.
He recommended advisers and clients go to the filippo.io Heartbleed test and use the online tool to enter the domain name of any web service used, to identify whether the site is subject to attack.
The Heartbleed FAQ for financial advisers: What you should do right now! http://t.co/PWLGHKHlyP
— Bill Winterberg CFP® (@BillWinterberg) April 9, 2014
“Fortunately, more and more providers are securing their services and actively fixing this,” Mr. Winterberg said. “Still, the advice I'm giving my clients is to assume you're affected. Run the filippo.io test, and if the test says there's no more vulnerability, it's fixed. Then change your password.”
He also urged advisers and clients to use multi-factor web verification whenever possible.
Custodians and other financial services firms are testing their platforms to see if they're vulnerable to the Heartbleed bug.
TD Ameritrade Institutional, for example, released a statement saying that TDAI is monitoring the situation and working with business partners to validate that they are secure as well.
“TD Ameritrade's websites and mobile applications do not utilize versions of OpenSSL that are susceptible to the recently announced Heartbleed vulnerability,” the custodian said in its statement.
Roel Schouwenberg, principal security researcher at IT security vendor Kaspersky Lab, warned that any service that has run or is running the vulnerable OpenSSL code suffers a risk of information disclosure.
Great FAQ on the OpenSSL vuln. http://t.co/2Jfs5M8gTa The importance of this vuln can not be overestimated. CVE-2014-0160
— Roel Schouwenberg (@Schouw) April 7, 2014
“The vulnerable code has been out there for two years already, and exploitation of the vulnerability doesn't leave any traces in the logs on the server, making it hard to determine if exploitation ever occurred,” he wrote in an e-mail.
“An attacker could possibly get access to personal identifiable information, user names, passwords, Social Security numbers, financial records and even the cryptographic keys that are responsible for encrypting the network traffic between client and server,” Mr. Schouwenberg said.
Regulators hold nothing back in condemnation of TD Bank after $3B fines.
New report says young Americans need help to get started on financial freedom journey.
The metal is up 25% so far in 2024.
Chicago Fed president says inflation risk remains.
Ratings firm says rate is twice that of non-PE-backed firms.
Discover the award-winning strategies behind Destiny Wealth Partners' client-centric approach.
Morningstar’s Joe Agostinelli highlights strategies for advisors to deepen client engagement and drive success