• Welcome to ZD Forums! You must create an account and log in to see and participate in the Shoutbox chat on this main index page.

HEARTBLEED

Joined
Feb 23, 2011
:U

(CNN) -- A major online security vulnerability dubbed "Heartbleed" could put your personal information at risk, including passwords, credit card information and e-mails.

Heartbleed is a flaw in OpenSSL, an open-source encryption technology that is used by an estimated two-thirds of Web servers. It is behind many HTTPS sites that collect personal or financial information. These sites are typically indicated by a lock icon in the browser to let site visitors know the information they're sending online is hidden from prying eyes.

Cybercriminals could exploit the bug to access visitors' personal data as well as a site's cryptographic keys, which can be used to impersonate that site and collect even more information.

It was discovered by a Google researcher and an independent Finnish security firm called Codenomicon. The researchers have put up a dedicated site to answer common questions about the bug. They even gave it an adorably gruesome custom icon.

Heartbleed is the result of a small coding error but it could have far-reaching consequences and affect the majority of Internet users.

Researchers discovered the issue last week and published their findings on Monday, but said the problem has been present for more than two years, since March 2012. Any communications that took place over SSL in the past two years could have been subject to malicious eavesdropping.

What makes the bug particularly problematic is that there is no simple fix. Action needs to be taken by both the compromised sites and individuals who have visited them.

To protect their user data and encryption keys, sites must upgrade to the patched version of OpenSSL, revoke compromised SSL certificates and get new ones issued.

Many major websites including Google, Facebook, Yahoo and Amazon have said they've taken steps to secure their sites. Security researchers demonstrated the flaw by stealing Yahoo e-mail logins on Tuesday morning, but Yahoo has since fixed the issue across its major sites, including Tumblr.

It's not just an issue for major sites. Smaller online stores and services use OpenSSL, and those sites might take longer to make the necessary fixes. Websites don't typically publicize whether they're using OpenSSL, so the process will also be bumpy for consumers.

Individuals should update their passwords across the various Web pages they use, but only once they have confirmed a site has already taken the proper measures to address Heartbleed. If they don't and that site is still at risk, the new password could also be compromised. Many sites will also likely send e-mails instructing customers to update passwords if necessary.

Read more: (CNet.com)
(more)
(more)
(more)

Discuss.
 

Justac00lguy

BooBoo
Joined
Jul 1, 2012
Gender
Shewhale
Yeah I heard about this. Not quite sure if it's as "catastrophic" as it's made out to be, but it seems like an awful mistake. Apperantly they said not to go on the Internet for a few days (yeah as if everyone is going to do that :I). Anyway, they also suggested not to change any passwords on sites that haven't been updated. Unfortunately I have did such... Oh well.
 

Jamie

Till the roof comes off, till the lights go out...
Joined
Feb 23, 2014
Gender
trans-pan-demi-ethno-christian-math-autis-genderfluid-cheesecake
I keep being told to change my gmail and Facebook passwords, as I suppose they've been patched. In all honesty I'm not too worried. There's no evidence to suggest that large amounts of passwords have been taken and no evidence to suggest that anyone discovered the exploit before just recently. But I do suggest changing passwords of sites like gmail if you get money transfers and other secure information passed through your email just in case. But I can't imagine any super intelligent hacker who found this presumably hard to find exploit would be looking through my Facebook account to see my chats with my friends about University assignments.
 

Fig

The Altruist
Joined
Jul 23, 2011
Location
Mishima Tower
I have heard about this via the tumblr staff and Facebook posts across the weekend! Personally, I really don't find it so terrifying as from what I've heard and how it is described from the vast articles about it online and on the television. Hopefully all areas of the internet will be patched up real soon as it is quite possible for hackers to still personal information that may contain access to credit cards, stocks, etc. Either way, I advise anyone to take the chance to change their current passwords to the sites that they use the most or have the most important details in their lives just to be on the safe side.
 

Users who are viewing this thread

Top Bottom