‘Heartbleed’ bug puts encrypted data in danger

Computer security specialists on Tuesday raised alarm about a freshly discovered bug in online data-scrambling software that hackers can turn to their advantage.

The bug dubbed "Heartbleed" in OpenSSL encryption software lets attackers illicitly retrieve passwords and other bits of information from working memory on computer servers, according to cyber-defense specialists at Fox-IT.

OpenSSL is used to protect passwords, credit card numbers and other data coursing through the Internet.

"There is no limit on the number of attacks that can be performed," Fox-IT said in a blog post that listed steps business IT handlers can take to thwart incursions.

Information considered at risk includes source code, passwords, and "keys" that could be used to impersonate websites or unlock encrypted data.

"These are the crown jewels, the encryption keys themselves," said a heartbleed.com website devoted to details of the vulnerability.

"Leaked secret keys allow the attacker to decrypt any past and future traffic to the protected services and to impersonate the service at will."

Security researchers reported being able to dig out Yahoo password information by taking advantage of the bug. Yahoo released a statement Tuesday saying it had fixed the problem at its main online properties.

Fox-IT estimated that the vulnerability has existed for about two years, since the version of OpenSSL at issue was released.

OpenSSL is used by more than half of websites, but not all versions have the vulnerability, according to heartbleed.com.

The group behind open-source OpenSSL put out a security alert urging users to upgrade to an improved version of the software and gave credit for finding the bug to Neel Mehta of Google Security.

A blog post at the Tor Project website advised those with strong privacy needs to avoid the Internet for a few days at least to give websites and servers time to improve defenses and reset security credentials.

Written by AFP
