Heartbleed bug puts online encrypted data at risk

By Kul Bhushan | Updated 9 Apr 2014
  • A major new vulnerability found in the OpenSSL program can breach encryption on much of the Internet, putting passwords and data at risk.

A serious new vulnerability has been found in OpenSSL, open source software that is extensively used for encrypting web communications. Called Heartbleed, the flaw allows attackers to gain access to users’ passwords and to fool users with fake versions of websites.


Heartbleed lets an attacker read a server’s memory, where most of the critical data is held. This includes data such as usernames, passwords and credit card numbers. Hackers can also use the exploit to get copies of a server’s digital keys and use them to impersonate the server or to decrypt web communications.

This flaw is considered more serious and lethal than those found previously. Heartbleed may affect several mainstream and social networking websites.

"We were able to scrape a Yahoo username & password via the Heartbleed bug," tweeted Ronald Prins of security firm Fox-IT, showing a censored example. Added developer Scott Galloway, "Ok, ran my heartbleed script for 5 minutes, now have a list of 200 usernames and passwords for yahoo mail...TRIVIAL!"

Yahoo claimed it has fixed the primary vulnerability on its main sites: "As soon as we became aware of the issue, we began working to fix it. Our team has successfully made the appropriate corrections across the main Yahoo properties (Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr, and Tumblr) and we are working to implement the fix across the rest of our sites right now. We're focused on providing the most secure experience possible for our users worldwide and are continuously working to protect our users' data."


A tool has been published that checks sites for the Heartbleed vulnerability. According to the tool, the websites of Google, Microsoft, Twitter, Facebook, Dropbox, and others are unaffected.

Source: CNET
