Meridian Star

Community News Network

April 9, 2014

'Heartbleed' flaw leads security experts to urge password changes

SAN FRANCISCO — Security experts are urging consumers to change their Web passwords after the recent disclosure of a vulnerability touching wide swaths of the Internet, even as Google, Facebook and large banks said they weren't affected.

The flaw to OpenSSL, an open-source software that runs on as many as two-thirds of all active websites, was reported on April 7, by researchers who pushed out a fix. Dubbed Heartbleed, the bug could have allowed hackers to access encrypted e-mail messages, banking information, user names and passwords.

"The one saving grace with this flaw is that it was relatively simple to spot and as a result very simple to fix," Zully Ramzan, chief technology officer of Elastica, a cyber- security firm, wrote in an e-mail yesterday. "That said, OpenSSL is incredibly widespread. It's literally the most popular implementation of SSL on the planet. So any compromise in its security has far reaching implications."

The Heartbleed revelation comes at a time of mounting concern about hackers' capabilities following consumer data breaches at Target and Neiman Marcus and the spying scandal involving the National Security Agency. The flaw involving a two-year-old programming mistake was discovered by researchers from Google and Codenomicon, a security firm based in Finland, and reported to OpenSSL, according to a blog post from Codenomicon.

It isn't known whether malicious hackers knew about the bug and were exploiting it, the researchers wrote. Google and Facebook said they addressed the problem before it was made public and saw no signs of vulnerabilities, while Yahoo! Inc. made the requisite fixes.

"A vulnerability, called Heartbleed, was recently identified impacting many platforms that use OpenSSL, including ours," Yahoo said in an e-mailed statement. "Our team has successfully made the appropriate corrections across the main Yahoo properties," such as the homepage, e-mail, finance and sports sites, the Sunnyvale, California-based company said.

OpenSSL is used by Internet companies to secure traffic flowing between servers and users' computers. SSL refers to an encryption protocol known as Secure Sockets Layer and its use is indicated by a closed padlock appearing on browsers next to a website's address.

Before Yahoo issued its fix, security researcher Mark Loman from the Netherlands demonstrated Tuesday on Twitter that he was able to force the site to leak usernames and passwords.

"It wasn't Yahoo's fault, yet they're very slow at installing the critical fix," Loman wrote on his Twitter Inc. account. "Bug disclosure was flawed too."

Many large consumer sites running OpenSSL aren't vulnerable to being exploited because they use specialized encryption equipment and software, the researchers wrote. A test site allows website administrators to check whether their properties are affected.

"The security of our users' information is a top priority," Google said in a statement yesterday. "We proactively look for vulnerabilities and encourage others to report them precisely so that we are able to fix them before they are exploited. We have assessed the SSL vulnerability and applied patches to key Google services."

In a statement, Facebook said it "added protections for Facebook's implementations of OpenSSL before this issue was publicly disclosed, and we haven't detected any signs of suspicious activity on people's accounts."

JPMorgan Chase & Co., the largest U.S. bank, doesn't use the vulnerable software and user information has not been exposed, the New York-based company said in a statement.

Tests on the home pages of other large technology, e- commerce and banking companies including Microsoft, Amazon.com and Bank of America indicated they weren't vulnerable.

1
Text Only
Community News Network
  • Why a see-through mouse is a big deal for scientists

    A group of Caltech researchers announced in Cell Thursday their success in making an entire organism transparent. Unfortunately, this isn't any kind of "Invisible Man" scenario: The organism in question is a mouse, and the mouse in question is quite dead.

    July 31, 2014

  • Screen Shot 2014-07-31 at 2.12.55 PM.png VIDEO: Five-year-old doesn't want her brother to grow up

    Sadie, an adorable 5-year-old from Phoenix, wants her brother to stay young forever, so much so that her emotional reaction to the thought of him getting older has drawn more than 10 million views on YouTube.

    July 31, 2014 1 Photo

  • lockport-police.jpg Police department turns to Facebook for guidance on use of 'negro'

    What seems to be a data entry mistake by a small town police department in western New York has turned into a social media firestorm centered around the word "negro" and whether it's acceptable to use in modern society.

    July 31, 2014 3 Photos

  • The virtues of lying

    Two computational scientists set out recently to simulate the effects of lying in a virtual human population. Their results, published in the Proceedings of the Royal Society B, show that lying is essential for the growth of a cohesive social network.

    July 31, 2014

  • Sunburn isn't the only sign of summer that can leave you itchy and blistered

    You've got a rash. You quickly rule out the usual suspects: You haven't been gardening or hiking or even picnicking, so it's probably not a plant irritant such as poison ivy or wild parsnip; likewise, it's probably not chiggers or ticks carrying Lyme disease; and you haven't been swimming in a pond, which can harbor the parasite that causes swimmer's itch.

    July 30, 2014

  • Survey results in legislation to battle sexual assault on campus

    Missouri U.S. Sen. Claire McCaskill joined a bipartisan group of senators Wednesday to announce legislation that aims to reduce the number of sexual assaults on college campuses.

    July 30, 2014

  • An alarming threat to airlines that no one's talking about

    It's been an abysmal year for the flying public. Planes have crashed in bad weather, disappeared over the Indian Ocean and tragically crossed paths with anti-aircraft missiles over Ukraine.

    July 30, 2014

  • Sharknado.jpg Sharknado 2 set to attack viewers tonight

    In the face of another "Sharknado" TV movie (the even-more-inane "Sharknado 2: The Second One," premiering Wednesday night on Syfy), there isn't much for a critic to say except to echo what the characters themselves so frequently scream when confronted by a great white shark spinning toward them in a funnel cloud:
    "LOOK OUT!!"

    July 30, 2014 1 Photo

  • 20140729-AMX-GIVHAN292.jpg Spanx stretches into new territory with jeans, but promised magic is elusive

    The Spanx empire of stomach-flattening, thigh-slimming, jiggle-reducing foundation garments has expanded to include what the brand promises is the mother of all body-shaping miracles: Spanx jeans.

    July 29, 2014 1 Photo

  • Medical marijuana opponents' most powerful argument is at odds with a mountain of research

    Opponents of marijuana legalization are rapidly losing the battle for hearts and minds. Simply put, the public understands that however you measure the consequences of marijuana use, the drug is significantly less harmful to users and society than tobacco or alcohol.

    July 29, 2014

Biz Marquee
New Today
Poll

Do you think the city of Meridian should aggressively enforce the city's code enforcement laws on litter, abandoned homes and overgrown lots by issuing tickets and stiff fines?

Yes
No
     View Results
Facebook
Facebook
Twitter Updates
Follow us on twitter
AP Video
Couple Channel Grief Into Soldiers' Retreat WWI Aviation Still Alive at Aerodrome in NY Raw: Rescuers at Taiwan Explosion Scene Raw: Woman Who Faced Death Over Faith in N.H. Clinton Before 9-11: Could Have Killed Bin Laden Netanyahu Vows to Destroy Hamas Tunnels Obama Slams Republicans Over Lawsuit House Leaders Trade Blame for Inaction Malaysian PM: Stop Fighting in Ukraine Cantor Warns of Instability, Terror in Farewell Ravens' Ray Rice: 'I Made a Huge Mistake' Florida Panther Rebound Upsets Ranchers Small Plane Crash in San Diego Parking Lot Busy Franco's Not Afraid of Overexposure Fighting Blocks Access to Ukraine Crash Site Dangerous Bacteria Kills One in Florida Workers Dig for Survivors After India Landslide Texas Scientists Study Ebola Virus Smartphone Powered Paper Plane Debuts at Airshow Southern Accent Reduction Class Cancelled in TN
Hyperlocal Search
Premier Guide
Find a business

Walking Fingers
Maps, Menus, Store hours, Coupons, and more...
Premier Guide