CBS 11 Header TXA 21 Header MeTV Header KRLD Header The Fan Header

Local

Internet “Heartbleed” Bug Exposing Passwords To Hackers

View Comments

Get Breaking News First

Receive News, Politics, and Entertainment Headlines Each Morning.
Sign Up
Galleries

cheer thumb Internet Heartbleed Bug Exposing Passwords To HackersNFL Cheerleaders

cows Internet Heartbleed Bug Exposing Passwords To HackersCowboys Cheerleaders

mavs dancers 4 10 10002570231 Internet Heartbleed Bug Exposing Passwords To Hackers

Mavs Dancers

victoria thumb Internet Heartbleed Bug Exposing Passwords To Hackers

Victoria's Secret Fashion Show

dfw Internet Heartbleed Bug Exposing Passwords To HackersBest Young Athlete In DFW?

NORTH TEXAS (CBSDFW.COM) – We’ve all seen the icon of a padlock preceding an “https:” internet URL. The “lock” was meant to reassure you the internet page you were going to was secure. A major security bug officially called CVE-2014-0160, but given the name Heartbleed because it can bleed information from websites, has compromised that security.

A SSL/TLS problem with an open-source software called OpenSSL, a cryptographic library used to secure internet traffic, now has internet security departments around the world working overtime.

Researchers say one of the reasons Heartbleed has turned into such a huge vulnerability is because the threat has been active for more than two years. The encryption technology also allows attackers to gather sensitive data without leaving a trace.

The result has researchers recommending that everyone, all users of the internet, change all of their passwords.

A fix to the encryption problem came out April 8, but if the service or website has not installed the fix changing all your passwords won’t do any good.
The security firm Codenomicon, along with a Google Inc. researcher, discovered the problem. A statement on their findings read, in part -

“We have tested some of our own services from attacker’s perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.”

The Heartbleed bug leaves email, banks, e-commerce sites, social networking posts and other internet traffic vulnerable.

Officials with Yahoo Inc. said most of its most popular services had been fixed, but work was still being done. Their statement read -

As soon as we became aware of the issue, we began working to fix it. Our team has successfully made the appropriate corrections across the main Yahoo properties (Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr, and Tumblr) and we are working to implement the fix across the rest of our sites right now. We’re focused on providing the most secure experience possible for our users worldwide and are continuously working to protect our users’ data.”

Click here to find out more about the Heartbleed bug on CNET.com.

(©2014 CBS Local Media, a division of CBS Radio Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)

Latest News:

Top Trending:

View Comments