Unnecessary password reset on the Internet due to Heartbleed

An unprecedented "wave" of code change seems to drive the Internet because of the revelations about the most notorious bug heartbleed, which affects a huge number and websites around the world.

Already several companies in the technology space have begun to urge their users to change their passwords, especially for email services, storage and e-banking, as Heartbleed is now labeled as one of the most significant security threats the Internet has seen.

heartbleed

One of these was Yahoo's blogging / social networking platform, Tumblr. The Canadian tax office has also stopped its online services.

It is recalled that the bug is found in OpenSSL, που χρησιμοποιείται για την κρυπτογράφηση δεδομένων που περνούν από servers, έτσι ώστε μόνο ο πάροχος της υπηρεσίας και οι παραλήπτες να μπορούν να τα «διαβάσουν». Σύμφωνα με την Google Security και τη φινλανδική Codenomicon, το πρόβλημα υπήρχε εδώ και άνω των δύο ετών. Εξαιτίας του ήταν δυνατή η υποκλοπή των «κλειδιών» online υπηρεσιών, με αποτέλεσμα να είναι δυνατή η υποκλοπή ονομάτων και κωδικών χρηστών, καθώς και η fake websites that looked authentic because they used the stolen passwords.

According to a BBC report, Google is believed to have informed a number of stakeholders about the issue before it was released to upgrade to a new version of OpenSSL.

Όπως αναφέρεται σε δημοσίευμα του CNET, υπάρχουν αναφορές από στελέχη εταιρειών του χώρου της ασφάλειας και developers για εντοπισμό/ υποκλοπή κωδικών της Yahoo μέσω εκμετάλλευσης του Heartbleed. Σύμφωνα με το δημοσίευμα, η Yahoo έχει προχωρήσει σε σχετικές ενέργειες, προβαίνοντας σε διορθώσεις σε: Yahoo Homepage, , Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr, Tumblr.

Developer and Encryption Advisor Filip Valsoranda developed a tool that allows users to check websites about whether they are vulnerable due to Heartbleed.

A Mashable article suggests changing codes to a range of popular services, even if many of them have not been identified as a matter of fact or not. In any case, the overall perception of the issue on the Internet seems to be the proactive code change to important services that users often use.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.081 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).