Users urged to change passwords in Heartbleed aftermath

Major security flaw discovered; Heartbleed bug could affect everyone, say experts

Tags: IncorporatedCodenomicon ( crimeFacebook IncorporationGoogle IncorporatedYahoo! Incorporated
  • E-Mail
Users urged to change passwords in Heartbleed aftermath Users have been advised to change their passwords to protect against Heartbleed.
By  Helen Gaskell Published  April 10, 2014

Several tech firms are urging people to change all their passwords after the discovery of a major security flaw, the BBC reported.

Security advisers have given similar warnings about The Heartbleed bug which has been given its name to reflect data leaking from servers, but many say there is very little that Internet users can do to protect themselves.

The bug was discovered earlier this week by Finnish security company, Codenomicon. David Chartier, CEO, told International Business Times how it was found: "We attack the software with unexpected messages and see how it reacts. When you do this, you can find messages or characters or something that causes the system you're testing to crash. This is the building block of software vulnerabilities that can be exploited."

Researchers observed sophisticated hacking groups conducting automated scans of the Internet in search of Web servers running a widely used Web encryption program known as OpenSSL that makes them vulnerable to the theft of data, including passwords, confidential communications and credit card numbers.

OpenSSL is used on about two thirds of all Web servers, but the issue has gone undetected for about two years.

Kurt Baumgartner, a researcher with security software maker Kaspersky Lab, said his firm uncovered evidence on Monday that a few hacking groups believed to be involved in state-sponsored cyber espionage were running such scans shortly after news of the bug first surfaced the same day.

"The problem is insidious," Baumgartner said. "Now it is amateur hour. Everybody is doing it."

Continues on next page>>

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code