The Washington Post predicts major disruptions and delays to the Internet in the coming weeks due to simultaneous efforts to repair encryption systems on hundreds of thousands of websites due to the infamous heartbleed bug.
Επικαλούμενη ειδικούς του χώρου της ασφάλειας, η Washington Post αναφέρει ότι οι εκτιμήσεις για τα προβλήματα που έχουν προκύψει λόγω της αποκάλυψης του bug αυξάνονται καθημερινά. Αυτό που ξεκίνησε ως ένα απλά «ενοχλητικό» συμβάν, που απαιτούσε την αλλαγή κωδικών, φαίνεται να εξελίσσεται σε κάτι πολύ πιο σοβαρό, καθώς φαίνεται ότι έμπειροι χάκερ μπορούν να εκμεταλλευθούν το πρόβλημα για να δημιουργήσουν πλαστές ιστοσελίδες με σκοπό την παραπλάνηση των χρηστών του Ίντερνετ ώστε να παρέχουν προσωπικά data.
As pointed out, the extent of work needed to fix this particular dimension of the bug – which allows the theft of security certificates that confirm that a website is authentic – could overwhelm the systems designed to keep the Internet running reliable.
"Imagine suddenly discovering that all the doors that everyone uses is vulnerable - that all can be broken," said Jason Hillley, an Atlantic Councils security officer at Washington. "The kinds of evil that could happen are limited only by the imagination of the perpetrators."
According to some estimates, Heartbleed affected two-thirds of the Internet, forcing a large number of users to change their codes to popular online services. Also, the wave of forced updates to which threatened websites will go will result in uploads of download browsers and security site checks.
As reported in a BBC report, analysis by Netcraft shows that 500.000 websites are vulnerable to the Heartbleed bug. As for the security certificates, Paul Matton, the company's analyst, noted that "it would be safer to assume that all 500.000 certificates have been compromised." “Most competent authorities offer to renew them for free, so there is no excuse not to λήψη δράσης». Ωστόσο, πρόσθεσε, η ανανέωση εκατοντάδων χιλιάδων certificates θα έχει επιπτώσεις στις ταχύτητες web browsing. Όταν ένας χρήστης επισκέπτεται ένα site, γίνεται ένας τυπικός control to determine if the security certificate has been revoked. This normally doesn't cause any delays – however this is now changing due to Heartbleed as many certificates are being revoked and renewed daily. As Robin Alden, executive of the Comodo company, which operates in the field of these certificates, told PC World, tens of thousands of certificates have been issued after Heartbleed. In particular, last week he spoke of a tenfold/twelvefold renewal rate.
The "storm" of Heartbleed seems to extend to Android as well, since, according to data cited by a Guardian article, at least four million smartphones with this operating system in USA and tens of millions worldwide can be targeted because of the bug. Globally, vulnerable mobile phones could amount to 50 million, as indicated by calculations based on Google's announcement, devices "running" a special version of "Jelly Bean" (Android 4.1.1) are vulnerable. The calculations were made using data provided exclusively to the British paper by analytics firm Chitika.
Source: naftemporiki.gr
