#endusers #Heartbleed: Hundreds of thousands of servers at risk from catastrophic bug
Ashie S Hirji stashed this in Internet
Security researchers have uncovered a fatal flaw in a key safety feature for surfing the Web -- the one that keeps your email, banking, shopping, passwords and communications private. Hundreds of thousands of web and email servers worldwide have a software flaw that lets attackers steal the cryptographic keys used to secure online commerce and web connections, experts say. They could also leak personal information to hackers when people carry out searches or log into email. The bug, called "Heartbleed", affects web servers running a package called OpenSSL.
How does it work?
The bug created an opening in the encryption software, which left web traffic on servers using OpenSSL open to potential snooping. This means that vast amounts of sensitive personal information, including millions of passwords and credit card numbers, have been unwittingly left vulnerable to theft. Read more: http://www.ctvnews.ca/sci-tech/how-to-protect-yourself-against-the-heartbleed-bug-1.1768118#ixzz2yc32DfrF
Yeah, it affects web servers. Not much consumers can do about it.
Except maybe read this:
Thank you, Adam
Isn't it funny experts are all concerned... Here we are, in a world full of crazy people and criminals, companies doing global commerce over the web and Internet, a massive infrastructure dependent on technology (Internet Protocol). This medium was developed originally for sending and sharing research data among trusted academics at universities, and it was always unprotected. Heartbleed, however, is particularly vexing to security experts because it allows hackers to slip in and out of the Internet’s most deeply encrypted systems without leaving a trace. The flaw had gone undetected for more than two years, until it was revealed this week.
It had gone undetected by the press and the tech industry, but clearly some bad guys knew about it.
The same day the U.S. government warned that hackers are seeking to steal data exposed by the "Heartbleed" bug, Bloomberg News is reporting that the U.S. government itself has been using Heartbleed to steal data for two years.
Meanwhile, a German programmer took responsibility for the widespread security crisis. http://www.cbc.ca/news/technology/nsa-used-heartbleed-to-spy-for-2-years-report-says-1.2606960?cmp=rss
So it was not a deliberate leaky abstraction but the U.S. government benefited from exploiting it.
Heartbleed security patches prove costly
What do the Heartbleed security flaws mean to US intelligence agencies?