Click to Skip Ad
Closing in...
  1. Best Kitchen Gadgets
    08:33 Deals

    Amazon shoppers are obsessed with this $23 gadget that should be in every kitchen

  2. Galaxy Star Projector Amazon
    09:43 Deals

    This awesome $32 gadget went viral on TikTok and now Amazon shoppers are obsessed

  3. Prime Day Deals
    07:58 Deals

    Amazon has 10 new early Prime Day deals you need to see to believe

  4. Amazon Gift Card
    07:58 Deals

    $25 in free Amazon credit beats any Prime Day deal – here’s how to get it

  5. How To Save Money On Your Cable Bill
    15:37 Deals

    Your cable company is furious that we’re telling you about this $59 box on Amazon

Not even Tor can keep you safe from Heartbleed

April 16th, 2014 at 1:18 PM
Heartbleed Bug Fix Tor

So here’s some sort-of good news: Cybercriminals might be just as freaked out about the Heartbleed bug as the rest of us. Trend Micro analyst J.D. Sherry writes that revelations about the gaping hole in the Open SSL, the security protocol used to encrypt web traffic, have caused “shell shock in the Deep Web as many of the hidden services within the TOR (The Onion Router) are impacted as well.”

Why is Heartbleed so potentially thorny for people who use Tor? Well consider what makes Tor so popular for criminals in the first place: It keeps your online activity anonymous by routing your traffic through several different servers before sending it through to your computer. However, the anonymity of your communications can become compromised if someone gets access to your user name and password for websites where you conduct illicit activities.

This is where Heartbleed comes in: One big danger with the bug is that it may allow hackers to steal the security certificates of GoogleFacebook, Yahoo and other websites, which they can then use to create fake versions of those sites where unsuspecting users will hand over their user names and passwords. As Trend Micro notes, it wouldn’t be at all surprising to see law enforcement officials trying to take advantage of Heartbleed to try to steal the security certificates from some of the websites frequented by criminals online.

You can rest assured that law enforcement will be scanning potential ecosystems that are potential anonymous criminal networks,” writes Sherry. “This will be an attempt to discern if they might be able shine a bright lens on communities thought to be untraceable but now equally vulnerable due to this pervasive bug in OpenSSL.”

Popular News