Budapest, April 14 (MTI) – There are around 1,000 websites in Hungary — web-shops, community websites, bank and email systems among them — affected by the heartbleed bug, as well as several android apps which run OpenSSL, the chief of the Hungarian National Security Authority (NBF) told MTI today.
Mihaly Zala said the NBF did not have the authority to examine privately operated sites, but based on websites interacting with state, local government and certified suppliers, the agency estimates that up to 2 million people in Hungary could be affected.
Open SLL is an open-source encryption technology software signalled by the “https” code in an internet address line. It is mainly used by websites where users are asked to register and key in a user name and password. However, the problem with open-source software is that it has no support. SSL has been vulnerable for two years, he said.
The server operators, in other words banks and service providers, are responsible for updating the security certificates for SSL applications. But end-users are advised to change their log-in names and passwords, he added.
Zala said it was a big problem that most people use the same password for everything — including emailing and banking. If SSL suffers a hit, the attacker can access a client’s internet bank, where they often withdraw small amounts at a time which can go unnoticed. The hackers often only lift off a few hundred forints but from lots of people’s accounts, Zala added.
He said it was helpful that some community sites keep a log of login location information and notify their users if a strange login location has been detected.