heartbleed bug a critical internet illness
Last Updated : GMT 09:40:38
Themuslimchronicle, themuslimchronicle
Themuslimchronicle, themuslimchronicle
Last Updated : GMT 09:40:38
Themuslimchronicle, themuslimchronicle

Heartbleed bug a critical Internet illness

Themuslimchronicle, themuslimchronicle

Themuslimchronicle, themuslimchronicleHeartbleed bug a critical Internet illness

San Francisco - AFP

The "Heartbleed" flaw in Internet security is as critical as thename implies and wider spread than first believed.Warnings about the danger exposed early this week reached widening circles onThursday, with everyone from website operators and bank officials to Internetsurfers and workers who tele-commute being told their data could be in danger."Heartbleed is a catastrophic bug in OpenSSL," well-known computer security specialist Bruce Schneier said in a post at his schneier.com website.OpenSSL is a commonly used software platform for encrypted transactions at"https" websites that Internet users have been taught to trust.The Heartbleed flaw lets hackers snatch packets of data from working memory incomputers, creating the potential for them to steal passwords, encryption keys, orother valuable information."This is going to be a pretty devastating bug," Trustwave security research managerJohn Miller told AFP."Even after the majority of it is fixed on the Internet, there will be internal servicesvulnerable."- Threat widens -The Heartbleed flaw can be found in virtual private network (VPN) softwarecommonly used by workers on the go to securely link with company computernetworks.Computer networking titans Cisco and Juniper put out advisories on Thursday thatsome of their data-handling gear is susceptible to the bug."An exploit could allow the attacker to disclose a limited portion of memory from aconnected client or server," California-based Cisco said in an advisory note."The disclosed portions of memory could contain sensitive information."Canada's tax agency shuttered its website Wednesday after warning that encryptedtaxpayer data could be vulnerable.OpenSSL is commonly used to protect passwords, credit card numbers and other data sent via the Internet.Web masters have been scrambling to update to safe versions of OpenSSL. Thevulnerability has existed for about two years, since the version of OpenSSL at issuewas released.The Tor Project devoted to letting people use the Internet anonymously advisedthose in need of privacy to stay offline until the Heartbleed threat is ameliorated.- Crown jewels at risk Information considered at risk includes source codes, passwords, and "keys" thatcould be used to impersonate websites or unlock encrypted data."These are the crown jewels, the encryption keys themselves," said a heartbleed.comwebsite devoted to details of the vulnerability."Leaked secret keys allows the attacker to decrypt any past and future traffic to theprotected services and to impersonate the service at will."The flaw in OpenSSL allows a hacker to read the memory of a machine working thesoftware, but no more than 64 kilobytes of data at a time, according to securityspecialists.However, hackers could repeatedly grab packets of memory to ramp up the odds ofstealing valuable data."We don't know how actively Heartbleed was exploited before publication of thevulnerability," Trustwave's Miller told AFP."Since Monday, when they published, it has been used a lot. People have beenexecuting the attack all over the Internet." OpenSSL is used by more than half of websites, but not all versions have thevulnerability, according to heartbleed.com.The group behind open-source OpenSSL is urging users to upgrade to an improvedversion of the software and gave credit for finding the bug to Neel Mehta of GoogleSecurity.Major websites and services were given advanced word of the Heartbleed flaw toallow time for patches to be put in place before the flaw was made public.Miller and other security specialists said Heartbleed appeared to be the result of amistake in writing the OpenSSL code.Software patches and updates were being rushed out, but it was expected to taketime for websites, businesses, router makers and others on the growing list of thoseat risk to replace software keys used to prevent impersonation or safeguardencrypted data.Websites need to change credentials used to verify authenticity in order to preventhackers who may have looted the data from impersonating legitimate online venueand tricking visitors to enter valuable personal information.Internet users were advised to change passwords to online accounts or services, butonly after checking to make sure the Heartbleed flaw has been fixed and newcertificates of online identity installed.While Heartbleed has shaken trust in the Internet, it may well wind up providinginsight into which websites or services deserve to be trusted."I don't think its a matter of losing faith," Miller said."It is really going to be an individual measure of how organizations respond; andwe can start to judge their security postures.

themuslimchronicle
themuslimchronicle

Name *

E-mail *

Comment Title*

Comment *

: Characters Left

Mandatory *

Terms of use

Publishing Terms: Not to offend the author, or to persons or sanctities or attacking religions or divine self. And stay away from sectarian and racial incitement and insults.

I agree with the Terms of Use

Security Code*

heartbleed bug a critical internet illness heartbleed bug a critical internet illness

 



Themuslimchronicle, themuslimchronicle
Themuslimchronicle, themuslimchronicle
Themuslimchronicle, themuslimchronicle

GMT 15:40 2017 Monday ,27 March

Hollande in final foreign tour of his term

GMT 15:03 2012 Friday ,07 September

William: King and Conqueror

GMT 09:02 2018 Monday ,22 January

Uggs, pigs and tartan

GMT 08:14 2018 Sunday ,14 January

Fossil fuels blown away by wind

GMT 09:07 2017 Saturday ,29 July

Bosy says Mistake to present 'Lovers’ Palace'

GMT 08:35 2017 Friday ,11 August

Powered by record sprees, Premier League ready

GMT 09:31 2016 Monday ,25 January

Vonn wins super-G to close on Stenmark's record

GMT 16:11 2017 Tuesday ,19 December

Minister receives top EWA officials

GMT 13:42 2017 Wednesday ,01 March

Kalam Nawaem made a difference in social issues

GMT 03:42 2013 Friday ,21 June

A woman\'s face drives relationship length

GMT 17:46 2017 Sunday ,19 February

We seek to solve al-Raja crisis

GMT 03:25 2016 Tuesday ,30 August

70 police killed in Rio de Janeiro in 2016
Themuslimchronicle, themuslimchronicle
Themuslimchronicle, themuslimchronicle
 
 Themuslimchronicle Facebook,themuslimchronicle facebook  Themuslimchronicle Twitter,themuslimchronicle twitter Themuslimchronicle Rss,themuslimchronicle rss  Themuslimchronicle Youtube,themuslimchronicle youtube  Themuslimchronicle Youtube,themuslimchronicle youtube

Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2023 ©

Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2023 ©

muslimchronicle muslimchronicle muslimchronicle muslimchronicle
themuslimchronicle themuslimchronicle themuslimchronicle
themuslimchronicle
بناية النخيل - رأس النبع _ خلف السفارة الفرنسية _بيروت - لبنان
themuslimchronicle, themuslimchronicle, themuslimchronicle