There is nowhere to hide. Just two months following the discovery of Heartbleed, the massive OpenSSL bug that affected two-thirds of the entire Internet at the time it was revealed, a new OpenSSL bug has been uncovered that could be even more dangerous. Led by Masashi Kikuchi, security researchers at Japan-based Lepidum shared their discovery on Thursday, noting that this newly revealed vulnerability in OpenSSL has existed for more than 15 years. More →
If there’s one thing that can make the competitive tech industry band together, it’s security. Last month, the Heartbleed bug affected nearly everyone in the industry, requiring millions of customers to change their passwords and rethink the safety that their services provide them. The Wall Street Journal reports that several of the biggest tech firms on the planet are doing what they can to prevent the next Heartbleed by helping to pay the salaries of full-time employees and funding an audit for the OpenSSL Project. More →
Heartbleed, the massive security threat that has recently affected millions of websites, was patched by most large Internet companies and by many site owners, but regular Internet users failed to grasp the significance of the threat, a new Avast study revealed. Furthermore, less than half of those people who knew about Heartbleed failed to take any action once sites fixed the problem. More →
You’re not out of the woods yet, Web users. It seems like ages ago in Internet time that Heartbleed was first discovered. The massive OpenSSL vulnerability affected about 66% of the entire Internet when it was uncovered by security researchers, and it can allow hackers to intercept sensitive data including usernames and passwords. Big companies moved fast to patch the vulnerability and resolve the problem, but unfortunately not everyone acted so quickly to protect their users. More →
Last month, the Heartbleed bug was revealed as a major vulnerability in the world’s most popular encryption method, OpenSSL. Since Heartbleed was uncovered, we still don’t know too much about the people behind OpenSSL. To find out more, BuzzFeed has written a great profile of the two guys named Steve who basically control OpenSSL. Steve Henson, a 46-year-old British mathematics Ph.D., contributes roughly 60% of the code behind OpenSSL, and Steve Marquess, a former Defense Department consultant, runs the OpenSSL Software Foundation, which raises money to support the continued development of OpenSSL. More →
Secretive agencies like the National Security Agency will not hurry to disclose future Heartbleed-like security issues, or at least they won’t always be interested in doing so, The White House revealed in a blog post. It also reiterated the fact that the NSA did not actually know about this major security bug that affected 66% of the entire Internet, as it was previously rumored. After all, the NSA denied everything on Twitter — and soon after, the NSA released its own set of instructions telling the public how to deal with the security flaw. More →
After all this time, is Heartbleed really still an issue we should be concerned with? Yes, yes it is. Heartbleed, the shockingly severe and widespread OpenSSL flaw that impacted 66% of the entire Internet at the time of its discovery, has already been addressed by thousands upon thousands of websites. But believe it or not, there are still countless websites — and apps — out there that have yet to apply the updates necessary to protect their users.
With vulnerable Android apps having been downloaded a whopping 150 million times, Heartbleed is a particularly important issue for Android users. And now, a simple new app claims that it will protect Android phone and tablet owners for free. More →
Internet users have obviously known for some time that hackers pose a serious threat, but we all got a shocking reminder when security researchers revealed the massive Heartbleed bug earlier this month. The OpenSSL security flaw affected an estimated 66% of the entire Internet at the time of its discovery, and it may have exposed usernames and passwords on any number of popular websites. Big companies were quick to address the bug but as we learned recently, Heartbleed was around for years before companies started patching it earlier this month. As such, hackers had plenty of time to exploit the flaw and steal your login details.
Have any of your online accounts been hacked because of Heartbleed? Have hackers breached your accounts using other means? Thanks to a few free websites, it’s remarkably easy to tell if your data might be at risk. More →
Patching up Android to make sure it’s not vulnerable to Heartbleed is one thing. Patching all vulnerable Android apps, on the other hand, is quite another. Re/code draws our attention to a new study from research firm FireEye that claims there have been around 150 million downloads of Android apps that are vulnerable to the Heartbleed bug. And to make matters worse, the researchers say that the assorted “Heartbleed detectors” you can now find in the Google Play store will do little to help you root out vulnerable apps you’ve downloaded. More →
Heartbleed was an abrupt but necessary reminder that when it comes to the Internet, nothing is safe. The massive OpenSSL security hole was discovered earlier this month, and it affected 66% of the entire Internet at the time of its discovery. Most large websites have patched the bug by now and Heartbleed chatter across the Web is inevitably starting to die down. But as one security expert recently pointed out, patching Heartbleed hardly makes the Internet safe again. More →
Even though Google does not have a Heartbleed problem, particularly since the company has known about the OpenSSL bug a month before everyone else, a large number of Android users may still be at risk, The Guardian reports. And that’s not because Google has not patched the security flaw, but rather because Heartbleed indirectly benefits from several factors. More →
So here’s some sort-of good news: Cybercriminals might be just as freaked out about the Heartbleed bug as the rest of us. Trend Micro analyst J.D. Sherry writes that revelations about the gaping hole in the Open SSL, the security protocol used to encrypt web traffic, have caused “shell shock in the Deep Web as many of the hidden services within the TOR (The Onion Router) are impacted as well.”
If you find yourself unable to access your favorite websites over the next few weeks, don’t worry: The Internet isn’t broken, it’s just undergoing very needed repairs. The Washington Post has talked with some security experts who expect that patching the Heartbleed bug is going to cause major disruptions on the Internet for a while as major web companies scramble to guard their websites against a bug that caught the tech world flat-footed last week. More →