Heartbleed Bug Breaks Worldwide Internet Security Again



Two days after the disclosure of a security flaw in OpenSSL, called "Heartbleed", some are describing it as "the worst nightmare" that could happen for the security of Internet transactions.

The free software OpenSSL is installed on the servers of numerous sites to establish encrypted, secure connections between the site and its users. Numerous websites use OpenSSL to secure their exchanges. This protection is recognizable, for example, by the padlock displayed during an online payment, or by a site URL that begins with "https" (the "s" stands for "secure").
The Heartbleed bug (which originated in a programming error by a German developer) allows hackers, in theory, to retrieve a great deal of information about the users of sites that use it (their usernames and passwords, bank card codes, etc.).

The extent of the damage is not known: no one has yet been able to tell whether hackers discovered this bug before engineers identified it and the global alert was issued on Monday, April 7. The alert states that the bug is present in all versions of the OpenSSL software released since March 2012, and that its exploitation by malicious parties leaves no trace.


MANY SITES UPDATED
Many sites affected by the problem have said, since the announcement, that they have carried out the necessary update to address the vulnerability. This means that users of these sites, whose data could previously have been accessible to hackers because of Heartbleed, can now change their usernames and passwords, in order to be sure that nobody can use data that could have been obtained by exploiting the bug between March 2012 and April 7.
"If people logged in to one of these services during a time when it was vulnerable, there is a risk that the password has been harvested. It is a good idea to change passwords on all portals that have updated OpenSSL," an expert in computer security told the BBC.
Among the sites below, several have also explicitly asked their users to update their credentials. Others simply said they had fixed the security flaw, without specifying whether or not users should change their passwords.
Since, by the admission of the Google engineers who discovered Heartbleed, "the exploitation of this bug [by hackers] leaves no abnormal trace" and is undetectable, we recommend that you create a new password (which is not "password" or "123456") for all sites that have announced that they have updated OpenSSL.


  • Facebook. According to the network's statement to Mashable: "We protected our OpenSSL protocol before the problem was made public [through information shared directly by Google engineers working on OpenSSL]. We did not detect any suspicious activity on Facebook accounts related to this bug. However, we encourage users to take advantage of this opportunity to set up a new, unique password for Facebook."
  • Google, and more specifically its applications Gmail, YouTube, Wallet, Play. "We evaluated the OpenSSL vulnerability and have decided to apply a security patch to key Google services such as search, Gmail, YouTube, Wallet, Play, Apps and App Engine," say Google's security teams on their blog.
  • Yahoo! Its services, including Yahoo! Mail, Flickr and Tumblr, are affected; the company said that "the appropriate corrections were made to the entire portal." The Tumblr teams are urging their users to change all passwords on all websites.
  • Airbnb and Netflix. The Wall Street Journal reports that these two services updated OpenSSL after the publication of the alert on Monday, April 7.
  • Dropbox. The online storage service said it has made a security update for all its services.
  • Pinterest. "We repaired the problem on Pinterest.com and have found no evidence of fraud. However, to be prudent, we sent emails to users who could be affected, asking them to change their passwords," the social network's teams explained to Mashable.
  • Instagram. "Our security teams worked quickly to fix the problem, and we did not find evidence that any user account was affected. But since this flaw has an impact on many services, we recommend that you change your password on Instagram, especially if you use the same one on other sites," reads the statement on Mashable.
  • Twitter. The social network says that "its servers and API were not affected by the vulnerability", but nevertheless told Mashable that it has updated OpenSSL.
  • Also, according to information collected by Mashable: Etsy, GitHub, IFTTT, the video game Minecraft, the dating service OKCupid, and SoundCloud.



Note: this list is likely to be updated, as services such as WordPress have said they were still trying to apply the appropriate patches.



