Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: New ‘Heartbleed’ Bug Poses Threat to Data Security.....

  1. #1
    Banned
    Join Date
    Feb 2012
    Location
    Chicago Illinois
    Last Seen
    10-14-15 @ 09:28 AM
    Gender
    Lean
    Private
    Posts
    56,981

    New ‘Heartbleed’ Bug Poses Threat to Data Security.....

    Looks like we have a problem here with this New Computer Bug they found.....this thing has been up and running for 2 years. No one knows how much damage has been done. They are recommending people to change their passwords frequently too. As even Yahoo Mail has been breached. Maybe some of our techno people know how serious this is. As what I am getting.....it's serious.




    A newly discovered bug in widely used Web encryption technology has made data on many of the world’s major websites vulnerable to theft by hackers in what experts say is one of the most serious security flaws uncovered in recent years.

    The finding of the so-called “Heartbleed” vulnerability, by researchers with Google Inc and a small security firm Codenomicon, prompted the U.S. government’s Department of Homeland Security to advise businesses on Tuesday to review their servers to see if they were using vulnerable versions, a type of software known as OpenSSL.

    It said updates are already available to address the vulnerability in OpenSSL, which could enable remote attackers to access sensitive data including passwords and secret keys that can decode traffic as it travels across the Internet. “We have tested some of our own services from attacker’s perspective. We attacked ourselves from outside, without leaving a trace,” Codenomicon said on a website it built to provide information about the threat, heartbleed.com.

    Computer security experts warned that means victims cannot tell if their data has been accessed which is troubling because the bug has existed for about two years. “If a website is vulnerable I could see things like your password, banking information and healthcare data, which you were under the impression you were sending securely to your website,” said Michael Coates, director of product security for Shape Security.....snip~

    - See more at: New ‘Heartbleed’ bug poses threat to data security | KICD AM 1240

  2. #2
    Sage
    clownboy's Avatar
    Join Date
    May 2012
    Location
    Oregon
    Last Seen
    08-17-16 @ 10:31 PM
    Gender
    Lean
    Other
    Posts
    26,087

    Re: New ‘Heartbleed’ Bug Poses Threat to Data Security.....

    This hack was exposed quite a long time ago and patched. Not to mention it only applies to OpenSSL. The weakness introduced is one of the downsides with going open source.

  3. #3
    Banned
    Join Date
    Feb 2012
    Location
    Chicago Illinois
    Last Seen
    10-14-15 @ 09:28 AM
    Gender
    Lean
    Private
    Posts
    56,981

    Re: New ‘Heartbleed’ Bug Poses Threat to Data Security.....

    Quote Originally Posted by clownboy View Post
    This hack was exposed quite a long time ago and patched. Not to mention it only applies to OpenSSL. The weakness introduced is one of the downsides with going open source.
    Heya CB .....that's Right it was. But they are releasing warnings today. Here is another. Although this more for business and those with servers. Still.....if they got peoples passwords then they are in.



    Why the 'Heartbleed' bug is a major threat to your online life.....


    Heartbleed is a virtual bug that has found a way to beat many online security systems, and it’s something that could have tremendous impact on online users.

    The bug is incredibly dangerous for users, as it can infiltrate website codes and find user names and passwords. It’s not your typical virtual virus, according to ReadWrite.

    “The short version is that it's a vulnerability in the way your browser talks to a website over an encrypted channel,” ReadWrite reported. “An attacker could theoretically take advantage of the bug to unravel the secure channels used by banks, e-commerce sites and other sensitive locations to steal passwords and other sensitive information.”

    The Washington Post also offered a list of things users should know about the Heartbleed security malfunction, offering frequently asked questions to help users understand the bug.

    “It’s as if your front door has a defective lock,” wrote Gail Sullivan for The Post. “Someone could get in as long as it’s not fixed. But that does not mean they’ve already gained entry.”

    Unfortunately, users can’t do much about it.

    The problem is mostly on servers,” Sullivan said. “A fix is available and being implemented by Web companies. Most experts are advising consumers not to rush out and change their passwords until the fix is complete.

    There’s an online search that allows users to check websites to see if their login details can be stolen. The Atlantic reported on the search device, giving a step-by-step guide on how it can be used. Writer James Fallows wrote for The Atlantic that if a site is marked as safe, it would make sense to change your password for that website.

    And The Los Angeles Times said that this bug puts Web security at a severe risk. There’s so much uncertainty with the Heartbleed situation, leading to a lot of questions that might not have answers.....snip~

    Why the 'Heartbleed' bug is a major threat to your online life | Deseret News

    Yeah, and again that was Not to Rush out and change passwords.
    Last edited by MMC; 04-09-14 at 05:53 PM.

  4. #4
    Sage
    clownboy's Avatar
    Join Date
    May 2012
    Location
    Oregon
    Last Seen
    08-17-16 @ 10:31 PM
    Gender
    Lean
    Other
    Posts
    26,087

    Re: New ‘Heartbleed’ Bug Poses Threat to Data Security.....

    Yeah, the zero day warnings were put out to admins. As with most bugs at this level, the public hears about it only after the fix should have taken place.

  5. #5
    Banned
    Join Date
    Feb 2008
    Location
    Theoretical Physics Lab
    Last Seen
    01-06-15 @ 11:06 AM
    Gender
    Lean
    Libertarian - Right
    Posts
    25,120

    Re: New ‘Heartbleed’ Bug Poses Threat to Data Security.....

    My porn's safe, right?

  6. #6
    Sage
    clownboy's Avatar
    Join Date
    May 2012
    Location
    Oregon
    Last Seen
    08-17-16 @ 10:31 PM
    Gender
    Lean
    Other
    Posts
    26,087

    Re: New ‘Heartbleed’ Bug Poses Threat to Data Security.....

    Quote Originally Posted by Gipper View Post
    My porn's safe, right?
    Porn has always been at the forefront of the web and they have the bucks to hire the very best admins and security personnel. As to how safe you are with your porn, that's goes a different way.

  7. #7
    Left the building
    Fearandloathing's Avatar
    Join Date
    Jan 2012
    Location
    Vancouver, Canada Dual citizen
    Last Seen
    Today @ 03:08 AM
    Gender
    Lean
    Independent
    Posts
    18,429

    Re: New ‘Heartbleed’ Bug Poses Threat to Data Security.....

    Quote Originally Posted by MMC View Post
    Looks like we have a problem here with this New Computer Bug they found.....this thing has been up and running for 2 years. No one knows how much damage has been done. They are recommending people to change their passwords frequently too. As even Yahoo Mail has been breached. Maybe some of our techno people know how serious this is. As what I am getting.....it's serious.




    A newly discovered bug in widely used Web encryption technology has made data on many of the world’s major websites vulnerable to theft by hackers in what experts say is one of the most serious security flaws uncovered in recent years.

    The finding of the so-called “Heartbleed” vulnerability, by researchers with Google Inc and a small security firm Codenomicon, prompted the U.S. government’s Department of Homeland Security to advise businesses on Tuesday to review their servers to see if they were using vulnerable versions, a type of software known as OpenSSL.

    It said updates are already available to address the vulnerability in OpenSSL, which could enable remote attackers to access sensitive data including passwords and secret keys that can decode traffic as it travels across the Internet. “We have tested some of our own services from attacker’s perspective. We attacked ourselves from outside, without leaving a trace,” Codenomicon said on a website it built to provide information about the threat, heartbleed.com.

    Computer security experts warned that means victims cannot tell if their data has been accessed which is troubling because the bug has existed for about two years. “If a website is vulnerable I could see things like your password, banking information and healthcare data, which you were under the impression you were sending securely to your website,” said Michael Coates, director of product security for Shape Security.....snip~

    - See more at: New ‘Heartbleed’ bug poses threat to data security | KICD AM 1240


    I saw this this morning.

    It is an old hack, but a powerful one and has already shut down Canada's tax department, not a mean feet at all....


    Heartbleed bug may shut Revenue Canada website until weekend - Business - CBC News
    ""You know, when we sell to other countries, even if they're allies -- you never know about an ally. An ally can turn."
    Donald Trump, 11/23/17

  8. #8
    Sage
    clownboy's Avatar
    Join Date
    May 2012
    Location
    Oregon
    Last Seen
    08-17-16 @ 10:31 PM
    Gender
    Lean
    Other
    Posts
    26,087

    Re: New ‘Heartbleed’ Bug Poses Threat to Data Security.....

    Quote Originally Posted by Fearandloathing View Post
    I saw this this morning.

    It is an old hack, but a powerful one and has already shut down Canada's tax department, not a mean feet at all....


    Heartbleed bug may shut Revenue Canada website until weekend - Business - CBC News
    Bet they're regretting that open source move a tad.

  9. #9
    Banned
    Join Date
    Feb 2012
    Location
    Chicago Illinois
    Last Seen
    10-14-15 @ 09:28 AM
    Gender
    Lean
    Private
    Posts
    56,981

    Re: New ‘Heartbleed’ Bug Poses Threat to Data Security.....

    Quote Originally Posted by clownboy View Post
    Bet they're regretting that open source move a tad.
    So they have known about it.....but can't close it down CB? So then it is serious correct?

  10. #10
    Sage
    clownboy's Avatar
    Join Date
    May 2012
    Location
    Oregon
    Last Seen
    08-17-16 @ 10:31 PM
    Gender
    Lean
    Other
    Posts
    26,087

    Re: New ‘Heartbleed’ Bug Poses Threat to Data Security.....

    Quote Originally Posted by MMC View Post
    So they have known about it.....but can't close it down CB? So then it is serious correct?
    Couple things. The Canadian government decided a few years ago to go all open source software, now they're feeling the one of consequences of that move. Yes, this was a serious exploit. It came from an error introduced into OpenSSL by the open source community. However, it was patched soon after discovery. What's left now are the folks who did not apply the patch and are running expoitable protocol.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •