The Herald Bulletin

Afternoon Update

Community News Network

April 9, 2014

'Heartbleed' flaw leads security experts to urge password changes

SAN FRANCISCO — Security experts are urging consumers to change their Web passwords after the recent disclosure of a vulnerability touching wide swaths of the Internet, even as Google, Facebook and large banks said they weren't affected.

The flaw in OpenSSL, open-source software that runs on as many as two-thirds of all active websites, was reported on April 7 by researchers who pushed out a fix. Dubbed Heartbleed, the bug could have allowed hackers to access encrypted e-mail messages, banking information, user names and passwords.

"The one saving grace with this flaw is that it was relatively simple to spot and as a result very simple to fix," Zully Ramzan, chief technology officer of Elastica, a cyber- security firm, wrote in an e-mail yesterday. "That said, OpenSSL is incredibly widespread. It's literally the most popular implementation of SSL on the planet. So any compromise in its security has far reaching implications."

The Heartbleed revelation comes at a time of mounting concern about hackers' capabilities following consumer data breaches at Target and Neiman Marcus and the spying scandal involving the National Security Agency. The flaw, which involves a two-year-old programming mistake, was discovered by researchers from Google and Codenomicon, a security firm based in Finland, and reported to OpenSSL, according to a blog post from Codenomicon.

It isn't known whether malicious hackers knew about the bug and were exploiting it, the researchers wrote. Google and Facebook said they addressed the problem before it was made public and saw no signs of vulnerabilities, while Yahoo! Inc. made the requisite fixes.

"A vulnerability, called Heartbleed, was recently identified impacting many platforms that use OpenSSL, including ours," Yahoo said in an e-mailed statement. "Our team has successfully made the appropriate corrections across the main Yahoo properties," such as the homepage, e-mail, finance and sports sites, the Sunnyvale, California-based company said.

OpenSSL is used by Internet companies to secure traffic flowing between servers and users' computers. SSL refers to an encryption protocol known as Secure Sockets Layer and its use is indicated by a closed padlock appearing on browsers next to a website's address.

Before Yahoo issued its fix, security researcher Mark Loman from the Netherlands demonstrated Tuesday on Twitter that he was able to force the site to leak usernames and passwords.

"It wasn't Yahoo's fault, yet they're very slow at installing the critical fix," Loman wrote on his Twitter Inc. account. "Bug disclosure was flawed too."

Many large consumer sites running OpenSSL aren't vulnerable to being exploited because they use specialized encryption equipment and software, the researchers wrote. A test site allows website administrators to check whether their properties are affected.

"The security of our users' information is a top priority," Google said in a statement yesterday. "We proactively look for vulnerabilities and encourage others to report them precisely so that we are able to fix them before they are exploited. We have assessed the SSL vulnerability and applied patches to key Google services."

In a statement, Facebook said it "added protections for Facebook's implementations of OpenSSL before this issue was publicly disclosed, and we haven't detected any signs of suspicious activity on people's accounts."

JPMorgan Chase & Co., the largest U.S. bank, doesn't use the vulnerable software and user information has not been exposed, the New York-based company said in a statement.

Tests on the home pages of other large technology, e-commerce and banking companies including Microsoft, Amazon.com and Bank of America indicated they weren't vulnerable.
