The Herald, Sharon, Pa.

Community News Network

April 9, 2014

'Heartbleed' flaw leads security experts to urge password changes

SAN FRANCISCO — Security experts are urging consumers to change their Web passwords after the recent disclosure of a vulnerability touching wide swaths of the Internet, even as Google, Facebook and large banks said they weren't affected.

The flaw in OpenSSL, open-source software that runs on as many as two-thirds of all active websites, was reported on April 7 by researchers who pushed out a fix. Dubbed Heartbleed, the bug could have allowed hackers to access encrypted e-mail messages, banking information, user names and passwords.

"The one saving grace with this flaw is that it was relatively simple to spot and as a result very simple to fix," Zully Ramzan, chief technology officer of Elastica, a cyber-security firm, wrote in an e-mail yesterday. "That said, OpenSSL is incredibly widespread. It's literally the most popular implementation of SSL on the planet. So any compromise in its security has far reaching implications."

The Heartbleed revelation comes at a time of mounting concern about hackers' capabilities following consumer data breaches at Target and Neiman Marcus and the spying scandal involving the National Security Agency. The flaw, which involves a two-year-old programming mistake, was discovered by researchers from Google and Codenomicon, a security firm based in Finland, and reported to OpenSSL, according to a blog post from Codenomicon.

It isn't known whether malicious hackers knew about the bug and were exploiting it, the researchers wrote. Google and Facebook said they addressed the problem before it was made public and saw no signs of vulnerabilities, while Yahoo! Inc. made the requisite fixes.

"A vulnerability, called Heartbleed, was recently identified impacting many platforms that use OpenSSL, including ours," Yahoo said in an e-mailed statement. "Our team has successfully made the appropriate corrections across the main Yahoo properties," such as the homepage, e-mail, finance and sports sites, the Sunnyvale, California-based company said.

OpenSSL is used by Internet companies to secure traffic flowing between servers and users' computers. SSL refers to an encryption protocol known as Secure Sockets Layer and its use is indicated by a closed padlock appearing on browsers next to a website's address.

Before Yahoo issued its fix, security researcher Mark Loman from the Netherlands demonstrated Tuesday on Twitter that he was able to force the site to leak usernames and passwords.

"It wasn't Yahoo's fault, yet they're very slow at installing the critical fix," Loman wrote on his Twitter Inc. account. "Bug disclosure was flawed too."

Many large consumer sites running OpenSSL aren't vulnerable to being exploited because they use specialized encryption equipment and software, the researchers wrote. A test site allows website administrators to check whether their properties are affected.

"The security of our users' information is a top priority," Google said in a statement yesterday. "We proactively look for vulnerabilities and encourage others to report them precisely so that we are able to fix them before they are exploited. We have assessed the SSL vulnerability and applied patches to key Google services."

In a statement, Facebook said it "added protections for Facebook's implementations of OpenSSL before this issue was publicly disclosed, and we haven't detected any signs of suspicious activity on people's accounts."

JPMorgan Chase & Co., the largest U.S. bank, doesn't use the vulnerable software and user information has not been exposed, the New York-based company said in a statement.

Tests on the home pages of other large technology, e-commerce and banking companies including Microsoft, Amazon.com and Bank of America indicated they weren't vulnerable.
