An encryption flaw called the Heartbleed bug that has exposed a collection of
popular websites — from Airbnb and Yahoo to NASA and OKCupid — could be one of
the biggest security threats the Internet has ever seen. If you have logged
into any of the affected sites over the past two years, your account
information could be compromised, allowing cybercriminals to snap up your
credit card information or steal your passwords.

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic
software library. This weakness allows stealing the information protected,
under normal conditions, by the SSL/TLS encryption used to secure the Internet.
SSL/TLS provides communication security and privacy over the Internet for
applications such as web, email, instant messaging (IM) and some virtual
private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems
protected by the vulnerable versions of the OpenSSL software. This compromises
the secret keys used to identify the service providers and to encrypt the
traffic, the names and passwords of the users and the actual content. This
allows attackers to eavesdrop on communications, steal data directly from the
services and users and to impersonate services and users.

The issue involves network software called OpenSSL, which is an open-source set of libraries for encrypting online services. Secure websites — with “https” in the URL (“s” stands for secure) — make up 56% of websites, and nearly half of those sites were vulnerable to the bug. In theory, a cybercriminal could have exploited Heartbleed by making network requests that could piece together your sensitive data. The good news: There isn’t any indication that a hacker caught wind of this; it seems the researchers were the first to locate the problem. But the scary part is that attackers could have infiltrated these websites, extracted the information they wanted and left no trace of their presence. Thus, it’s hard to determine whether someone ever exploited the bug, or if your account information was compromised.