
New ‘Heartbleed’ Bug Poses Threat to Data Security.....

MMC

Looks like we have a problem here with this New Computer Bug they found.....this thing has been up and running for 2 years. No one knows how much damage has been done. They are recommending people to change their passwords frequently too. As even Yahoo Mail has been breached. Maybe some of our techno people know how serious this is. As what I am getting.....it's serious.


A newly discovered bug in widely used Web encryption technology has made data on many of the world’s major websites vulnerable to theft by hackers in what experts say is one of the most serious security flaws uncovered in recent years.

The finding of the so-called “Heartbleed” vulnerability, by researchers with Google Inc and a small security firm Codenomicon, prompted the U.S. government’s Department of Homeland Security to advise businesses on Tuesday to review their servers to see if they were using vulnerable versions, a type of software known as OpenSSL.

It said updates are already available to address the vulnerability in OpenSSL, which could enable remote attackers to access sensitive data including passwords and secret keys that can decode traffic as it travels across the Internet. “We have tested some of our own services from attacker’s perspective. We attacked ourselves from outside, without leaving a trace,” Codenomicon said on a website it built to provide information about the threat, heartbleed.com.

Computer security experts warned that means victims cannot tell if their data has been accessed which is troubling because the bug has existed for about two years. “If a website is vulnerable I could see things like your password, banking information and healthcare data, which you were under the impression you were sending securely to your website,” said Michael Coates, director of product security for Shape Security.....snip~

- See more at: New ‘Heartbleed’ bug poses threat to data security | KICD AM 1240
 
This hack was exposed quite a long time ago and patched. Not to mention it only applies to OpenSSL. The weakness introduced is one of the downsides with going open source.
 
Heya CB :2wave: .....that's Right it was. But they are releasing warnings today. Here is another. Although this is more for business and those with servers. Still.....if they got people's passwords then they are in.



Why the 'Heartbleed' bug is a major threat to your online life.....


Heartbleed is a virtual bug that has found a way to beat many online security systems, and it’s something that could have tremendous impact on online users.

The bug is incredibly dangerous for users, as it can infiltrate website codes and find user names and passwords. It’s not your typical virtual virus, according to ReadWrite.

“The short version is that it's a vulnerability in the way your browser talks to a website over an encrypted channel,” ReadWrite reported. “An attacker could theoretically take advantage of the bug to unravel the secure channels used by banks, e-commerce sites and other sensitive locations to steal passwords and other sensitive information.”

The Washington Post also offered a list of things users should know about the Heartbleed security malfunction, offering frequently asked questions to help users understand the bug.

“It’s as if your front door has a defective lock,” wrote Gail Sullivan for The Post. “Someone could get in as long as it’s not fixed. But that does not mean they’ve already gained entry.”

Unfortunately, users can’t do much about it.

“The problem is mostly on servers,” Sullivan said. “A fix is available and being implemented by Web companies. Most experts are advising consumers not to rush out and change their passwords until the fix is complete.”

There’s an online search that allows users to check websites to see if their login details can be stolen. The Atlantic reported on the search device, giving a step-by-step guide on how it can be used. Writer James Fallows wrote for The Atlantic that if a site is marked as safe, it would make sense to change your password for that website.

And The Los Angeles Times said that this bug puts Web security at a severe risk. There’s so much uncertainty with the Heartbleed situation, leading to a lot of questions that might not have answers.....snip~

Why the 'Heartbleed' bug is a major threat to your online life | Deseret News

Yeah, and again that was Not to Rush out and change passwords.
 
Yeah, the zero day warnings were put out to admins. As with most bugs at this level, the public hears about it only after the fix should have taken place.
 
My porn's safe, right?

Porn has always been at the forefront of the web and they have the bucks to hire the very best admins and security personnel. As to how safe you are with your porn, that goes a different way. :mrgreen:
 
I saw this this morning.

It is an old hack, but a powerful one and has already shut down Canada's tax department, not a mean feat at all....


Heartbleed bug may shut Revenue Canada website until weekend - Business - CBC News
 
Bet they're regretting that open source move a tad. :mrgreen:

So they have known about it.....but can't close it down CB? So then it is serious correct?
 
Couple things. The Canadian government decided a few years ago to go all open source software, now they're feeling one of the consequences of that move. Yes, this was a serious exploit. It came from an error introduced into OpenSSL by the open source community. However, it was patched soon after discovery. What's left now are the folks who did not apply the patch and are running exploitable protocol.
 
So any techies on here, as an average home user, am I relatively safe at this time?
 
Is this getting any better?


‘Heartbleed’ online bug hits 1.5 million users of British parenting site.....

British parenting website Mumsnet is the latest organisation to have been hacked due to the “Heartbleed” bug, founder Justine Roberts revealed on Monday.

“Last week we became aware of the Heartbleed bug and immediately applied a fix to close the OpenSSL security hole,” she said in a statement.

“However, it became apparent that users’ data submitted via our login page had been accessed prior to our applying this fix.”

All 1.5 million registered users were asked to change their passwords, and Roberts did not know how many users had had data stolen.

“The worst case scenario is that the data of every Mumsnet user account was accessed,” she said.

Officials in Ottawa on Monday announced personal data for as many as 900 Canadian taxpayers had been stolen after being made vulnerable by the bug.

The recently-discovered flaw in online-data scrambling software OpenSSL allows hackers to eavesdrop on online communications, steal data, impersonate websites and unlock encrypted data.....snip~

‘Heartbleed’ online bug hits 1.5 million users of British parenting site | The Raw Story
 