Heartbleed: It could affect you too


As you may know by now, Heartbleed has pretty much given the Internet its biggest scare. The security flaw allows potential attackers to get passwords, credit card information, and other information that’s usually encrypted.



Because Heartbleed’s threat is so massive, it’s very possible that a few individuals will end up becoming victims of identity theft. It’s as yet unclear whether any cyber criminal syndicates or hackers knew of its existence and have been using it, but ever since the revelations were made, there has been a state of panic among users. Because Heartbleed can break SSL encryption, Internet majors such as Google, Facebook, Yahoo, Dropbox, Tumblr and Amazon Web Services could be victims.

Thankfully, a patch has been released which can thwart the Heartbleed attack, but users are still advised to change many of their passwords. Since some attackers could already have accessed your password, you are vulnerable regardless of whether the website in question has applied the patch.

Cisco and Juniper both acknowledge that a range of products, including routers, firewalls and switches, are affected. Although most of these products are focused on corporate environments, some more consumer-oriented products could also be at risk. As website administrators scramble to patch their apps and servers, IT and security admins are likewise trying to ascertain the potential vulnerabilities for network hardware. In some cases, having vulnerable hardware could be just as bad as having unpatched servers, or worse. With the right type of access and attack strategy, hackers could use the Heartbleed vulnerability to infiltrate a broader network.

The Heartbleed bug concerns a security vulnerability in a component of recent versions of OpenSSL, a technology that a huge chunk of the Internet’s Web sites rely upon to secure the traffic, passwords and other sensitive information transmitted to and from users and visitors.

Around the same time that this severe flaw became public knowledge, a tool was released online that allowed anyone on the Internet to force Web site servers that were running vulnerable versions of OpenSSL to dump the most recent chunk of data processed by those servers. So which ones must you change? It’s also reaching out to the top 10,000 websites to check on their vulnerability status.

 