Panic over 'Heartbleed' security bug

2014-04-09 07:29
A scandal has engulfed South Korea's spy agency. (Duncan Alfreds, News24, file)


San Francisco - Trust in the internet took a major blow on Tuesday as alarm spread that software commonly used to encrypt and secure online transactions could wind up giving away the store.

Computer security specialists, website masters, and fans of online privacy were worriedly abuzz with word of a freshly-discovered flaw in online data-scrambling software that hackers can turn to their advantage.

A bug dubbed "Heartbleed" in OpenSSL encryption software lets attackers illicitly retrieve passwords and other bits of information from working memory on computer servers, according to cyber-defence specialists at Fox-IT.

"Expect everybody who runs an https web server to be scrambling today," the Tor Project said in a warning posted at its website.

"If you need strong anonymity or privacy on the internet, you might want to stay away from the internet entirely for the next few days while things settle," it said.

'Crown jewels'

OpenSSL is used to protect passwords, credit card numbers and other data coursing through the internet.

Information considered at risk includes source code, passwords, and "keys" that could be used to impersonate websites or unlock encrypted data.

"These are the crown jewels, the encryption keys themselves," said a heartbleed.com website devoted to details of the vulnerability.

"Leaked secret keys allows the attacker to decrypt any past and future traffic to the protected services and to impersonate the service at will."

The flaw in OpenSSL essentially allows a hacker to read the memory of a machine running the software, but no more than 64KB (kilobytes) of data at a time, according to security specialists.

Nor can hackers control which bits of memory are tapped, leaving to chance what they get their hands on.

However, hackers could repeatedly grab packets of memory to ramp up the odds of stealing valuable data.

"There is no limit on the number of attacks that can be performed," Fox-IT said in a blog post that listed steps business IT handlers can take to thwart incursions.

Improved software

Security researchers reported being able to dig out Yahoo password information by taking advantage of the bug. Yahoo released a statement on Tuesday saying it had fixed the problem at its main online properties.

Fox-IT estimated that the vulnerability has existed for about two years, since the version of OpenSSL at issue was released.

OpenSSL is used by more than half of websites, but not all versions have the vulnerability, according to heartbleed.com.

The group behind open-source OpenSSL put out a security alert urging users to upgrade to an improved version of the software and gave credit for finding the bug to Neel Mehta of Google Security.

While it is not yet known whether hackers have exploited Heartbleed, operators of websites that used vulnerable versions of OpenSSL need to switch to secure versions.

By late on Tuesday, software patches and updates were being rushed out.

Websites will also need to change credentials used to verify authenticity in order to prevent hackers who may have looted the data from impersonating legitimate online venues and tricking visitors into entering valuable personal information.

As an added precaution, internet users were advised to change passwords to online accounts or services they are intent on protecting.

OpenSSL shot up to become one of the hottest topics on Twitter.

"Shaking my head over recommendation to change passwords everywhere due to Heartbleed," Twitter user @agentK said in a message.

"If the service hasn't fixed OpenSSL, hardly worth it."