A flaw in software that's widely used to secure Web communications means that passwords and other highly sensitive data could be exposed. Some say they've already found hundreds of Yahoo passwords. For more information on the flaw and on which websites have created “patches” to prevent access to personal information, click on the link below.
Cnet - 100 websites with "Heartbleed" malware patches
FTC - Business Blog (By Nicole Vincent Fleming, April 11, 2014 - 4:23pm)
http://www.business.ftc.gov/blog/2014/04/heartbleed-may-cause-you-some-heartache?Source=govdelivery
If you’re thinking “Heartbleed” sounds serious, you’re right. But it’s not a health condition. It’s a critical flaw in OpenSSL, a popular software program that’s used to secure websites and other services (like VPN and email). If your company relies on OpenSSL to encrypt data, take steps to fix the problem and limit the damage. Otherwise, your sensitive business documents and your customers’ personal information could be at risk.
About two-thirds of all web servers use OpenSSL, so it’s safe to say the small coding error recently discovered by researchers has big implications. The error, which has been in place for over two years, makes it possible for a hacker to grab information that’s supposed to be protected. Vulnerable web servers can be tricked into revealing random bits of data over and over, until the hacker gets something juicy, like the server’s encryption key.
Armed with the encryption key, a hacker can monitor all communication to and from a server including usernames, passwords, and credit card information or create a fake version of a trusted site that would fool browsers and users, alike. Worse yet, the hacker leaves no trace, so it’s nearly impossible to know the extent of the damage caused by Heartbleed.