Recently a flaw in the Internet code known as SSL was found, which allowed it to be exploited with malicious software, enabling others to steal information from individuals. Many websites over the past week have been updating their servers and security to try to work around the exploit, but for now it’s best to tread lightly while using personal information on the internet.A description of the Heartbleed Virus is given by heartbleed.com. “The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs),” The website read. “The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.
This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users,” the website continued. Around Monday, April 7, 2014 the Heartbleed vulnerability was found in the Internet’s SSL code, which is a security code much of the Internet uses. The estimated amount of the Internet that was vulnerable to the breach was thought to be about 17 percent. According to a press release by Symantec, the company that makes Norton Antivirus, the Heartbleed Virus works by allowing people to view the history of systems using open SSL for security on their websites.
Through this they can get people’s passwords and even their credit card information. There’s a new fixed version of SSL available for websites to upgrade to. This updated version basically protects the services being affected from being able to be read like an open book. As soon as the upgrade is in place most websites recommend changing your password to something completely different, but don’t recommend changing it to something overly complex. Photography major Allison Curtis has received emails from several sites telling her to change her passwords. “The first website I received an email from was Norton which made sense since I use their anti-virus.
It told me to change my password for websites that had said to fix their vulnerability. But oddly I also received emails from places I have never visited before telling me to change all my passwords now which seemed odd to me,” Curtis explained. Web design major Joseph Plotner has also received mysterious emails. “Over the past couple of weeks I have noticed in my inbox websites sending me emails about ‘Heartbleed’ with many conflicting messages on how to keep my info secure. I personally wait until the log-ins of the websites I use tell me it’s safe to change my password but I am a bit scared that so many places I have never been to were also sending me emails,” Plotner said After the vulnerability was first found a lot of websites have begun to update their security for the accounts on them.
After the upgrades were completed many of these websites took an extra precaution by warning users on certain websites to change their password since it is now safe to do so without worrying about compromising their personal information. A man named Fillipo has developed a website that checks the servers of other websites to see if they are currently vulnerable.
He recently did an “Ask Me Anything” thread on Reddit, and detailed what his website does and even gave some more advice to users for what to do to browse safely on the Internet while this vulnerability is around. On the AMA, Fillipo said one of the best things to do is use an extension for browsers, either “Foxbleed” or “Chromebleed,” which check the vulnerability of the websites. If a red flag shows up, users should avoid logging into the website until it’s secure again. He also said to wait for the website to reveal what’s been exploited before panicking about anything like credit card information Fillipo also explained that even though there is currently a fix for the Heartbleed Virus, he wouldn’t be too surprised if another exploit is found again. The website currently shows that Cobra is not one of the websites vulnerable Heartbleed, so students don’t need to worry about logging into it.
source:
http://www.prospectusnews.com/heartbleed-virus-affects-internet-security-1.3163414#.U3tHIfmSyLA
http://365schoollife.blogspot.com/2014/05/heartbleed-virus.html#comment-form
0 comments:
Post a Comment