Internet “Heartbleed” Bug Exposing Passwords To Hackers
NORTH TEXAS (CBSDFW.COM) – We’ve all seen the icon of a padlock preceding an “https:” internet URL. The “lock” was meant to reassure you the internet page you were going to was secure. A major security bug officially called CVE-2014-0160, but given the name Heartbleed because it can bleed information from websites, has compromised that security.
A SSL/TLS problem with an open-source software called OpenSSL, a cryptographic library used to secure internet traffic, now has internet security departments around the world working overtime.
Researchers say one of the reasons Heartbleed has turned into such a huge vulnerability is because the threat has been active for more than two years. The encryption technology also allows attackers to gather sensitive data without leaving a trace.
The result has researchers recommending that everyone, all users of the internet, change all of their passwords.
A fix to the encryption problem came out April 8, but if the service or website has not installed the fix changing all your passwords won’t do any good.
The security firm Codenomicon, along with a Google Inc. researcher, discovered the problem. A statement on their findings read, in part –
“We have tested some of our own services from attacker’s perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.”
The Heartbleed bug leaves email, banks, e-commerce sites, social networking posts and other internet traffic vulnerable.
Officials with Yahoo Inc. said most of its most popular services had been fixed, but work was still being done. Their statement read –
“As soon as we became aware of the issue, we began working to fix it. Our team has successfully made the appropriate corrections across the main Yahoo properties (Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr, and Tumblr) and we are working to implement the fix across the rest of our sites right now. We’re focused on providing the most secure experience possible for our users worldwide and are continuously working to protect our users’ data.”
(©2014 CBS Local Media, a division of CBS Radio Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)
- David Ragan To Replace Vickers At MWR For Rest Of NASCAR Season
- Another Major Company Relocating To Plano
- Argyle Construction Resumes After Deaths
- Texas A&M Galveston Professor Fails Entire Class
- Tony Award Nominations Announced
- Texas City Working To Turn Sewer Water Into Tap Water
- Plano Man Killed After Reentering Burning Home To Retrieve Phone
- Allen ISD’s $60 Million Football Stadium Closed For Months
- Spring One Day, Thundersleet The Next
- North Texas Man “Crowdfunds” $90,000 Birthday Party
- PHOTOS: Your Pet Pictures