ST. JOHN’S, Antigua – A local technology expert is downplaying a global call by several tech firms for people to change all their passwords after the discovery of a major security flaw.
Some firms have advised people to change their passwords everywhere – especially for high-security services like email, file storage and banking.
But Yves Ephraim, who owns and manages Pegasus Technologies, says the threat is being over-hyped.
“There’s very little the user can do to fix this thing. This has to be fixed on the server end,” he said.
The tech expert also says that since this weakness has already been around for two years, it’s unlikely that hacks into personal accounts will spike now.
“I don’t think anybody is going to just start hacking systems en masse like the information that we’re getting seems to suggest and raising a panic, but I don’t think there’s any need to panic,” said Ephraim.
Ephraim says, however, it’s still good practice to frequently change passwords and remain aware of potential threats…
“Security is an on-going thing, and never sit on your laurels figuring you’re safe. I think changing passwords is something that we all should be in the habit of doing anyway, regardless of whether there’s a threat,” Ephraim added.
Google Security and Codenomicon – a Finnish security company – revealed on Monday that a flaw had existed in OpenSSL for more than two years that could be used to expose the secret keys that identify service providers employing the code.
They said that if attackers made copies of these keys they could steal the names and passwords of people using the services, as well as take copies of their data.