Niagara Gazette

Community News Network

April 9, 2014

'Heartbleed' flaw leads security experts to urge password changes

SAN FRANCISCO — Security experts are urging consumers to change their Web passwords after the recent disclosure of a vulnerability touching wide swaths of the Internet, even as Google, Facebook and large banks said they weren't affected.

The flaw in OpenSSL, open-source software that runs on as many as two-thirds of all active websites, was reported on April 7 by researchers who pushed out a fix. Dubbed Heartbleed, the bug could have allowed hackers to access encrypted e-mail messages, banking information, user names and passwords.

"The one saving grace with this flaw is that it was relatively simple to spot and as a result very simple to fix," Zully Ramzan, chief technology officer of Elastica, a cyber-security firm, wrote in an e-mail yesterday. "That said, OpenSSL is incredibly widespread. It's literally the most popular implementation of SSL on the planet. So any compromise in its security has far reaching implications."

The Heartbleed revelation comes at a time of mounting concern about hackers' capabilities following consumer data breaches at Target and Neiman Marcus and the spying scandal involving the National Security Agency. The flaw, involving a two-year-old programming mistake, was discovered by researchers from Google and Codenomicon, a security firm based in Finland, and reported to OpenSSL, according to a blog post from Codenomicon.

It isn't known whether malicious hackers knew about the bug and were exploiting it, the researchers wrote. Google and Facebook said they addressed the problem before it was made public and saw no signs of vulnerabilities, while Yahoo! Inc. made the requisite fixes.

"A vulnerability, called Heartbleed, was recently identified impacting many platforms that use OpenSSL, including ours," Yahoo said in an e-mailed statement. "Our team has successfully made the appropriate corrections across the main Yahoo properties," such as the homepage, e-mail, finance and sports sites, the Sunnyvale, California-based company said.

OpenSSL is used by Internet companies to secure traffic flowing between servers and users' computers. SSL refers to an encryption protocol known as Secure Sockets Layer and its use is indicated by a closed padlock appearing on browsers next to a website's address.

Before Yahoo issued its fix, security researcher Mark Loman from the Netherlands demonstrated Tuesday on Twitter that he was able to force the site to leak usernames and passwords.

"It wasn't Yahoo's fault, yet they're very slow at installing the critical fix," Loman wrote on his Twitter Inc. account. "Bug disclosure was flawed too."

Many large consumer sites running OpenSSL aren't vulnerable to being exploited because they use specialized encryption equipment and software, the researchers wrote. A test site allows website administrators to check whether their properties are affected.

"The security of our users' information is a top priority," Google said in a statement yesterday. "We proactively look for vulnerabilities and encourage others to report them precisely so that we are able to fix them before they are exploited. We have assessed the SSL vulnerability and applied patches to key Google services."

In a statement, Facebook said it "added protections for Facebook's implementations of OpenSSL before this issue was publicly disclosed, and we haven't detected any signs of suspicious activity on people's accounts."

JPMorgan Chase & Co., the largest U.S. bank, doesn't use the vulnerable software and user information has not been exposed, the New York-based company said in a statement.

Tests on the home pages of other large technology, e-commerce and banking companies including Microsoft, Amazon.com and Bank of America indicated they weren't vulnerable.
