The little lock icon (HTTPS), which signaled that we were on a secure website and that all our passwords, personal emails, and credit card information were safe, was making that private information accessible to hackers.

Internet users are advised to be on the alert as security experts race to assess the damage done by Heartbleed — a newly discovered bug in technology that runs encryption for two-thirds of the Internet.

A newly discovered bug in software supposed to provide extra protection for thousands of the world's most popular websites has exposed highly sensitive information such as credit card numbers, usernames, and passwords, security researchers said.

The discovery of the bug, known as Heartbleed, has caused several websites to advise their users to change their passwords.

"This might be a good day to call in sick and take some time to change your passwords everywhere — especially your high-security services like email, file storage, and banking, which may have been compromised by this bug," Tumblr wrote in a note to its many users. "The little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit."

Yahoo, the owner of Tumblr, confirms that its users' passwords have been compromised.

The bug was discovered late last week in the OpenSSL technology that runs encryption for two-thirds of the Internet. The researchers who discovered it said that most Internet users "are likely to be affected either directly or indirectly." It was found simultaneously by a Google security researcher and a small security firm named Codenomicon and disclosed Monday night.

Experts are now scrambling to assess the extent of the security breach, because the bug remained undiscovered for two years. Hackers may have exploited it without leaving footprints.

"We have tested some of our own services from attacker's perspective. We attacked ourselves from outside, without leaving a trace," Codenomicon wrote on their newly created website about the bug.

According to several security experts, it is one of the most serious security flaws uncovered in many years.

"Heartbleed is like finding a faulty car part used in nearly every make and model, but you can't recall the Internet and all the data you put out on it," Jonathan Sander, vice president of research and technology for Stealthbits Technologies, a cybersecurity firm, told the Los Angeles Times.

The U.S. government's Department of Homeland Security has advised all businesses using the vulnerable versions of the software to review their servers.

 