Grapefruits Posted April 10, 2014 Share Posted April 10, 2014 If you thought your computer and passwords were safe, you should probably check again. The “heartbleed” bug has recently gained some notoriety as it's been found leaving many major websites vulnerable to hackers. Experts are currently considering it to be one of the most serious security flaws uncovered in recent history. From Reuters: “The finding of the so-called "Heartbleed" vulnerability, by researchers with Google Inc and a small security firm Codenomicon, prompted the U.S. government's Department of Homeland Security to advise businesses on Tuesday to review their servers to see if they were using vulnerable versions a type of software known as OpenSSL. It said updates are already available to address the vulnerability in OpenSSL, which could enable remote attackers to access sensitive data including passwords and secret keys that can decode traffic as it travels across the Internet.” The security firm, Codenomicon, has gone on to test their own services by attacking themselves from the outside to ensure safety for their site and services. Security experts say that the virus has actually been in existence for the past two years and victims cannot tell if their data has been accessed from anytime during that period. There is an estimation that hundreds of thousands of web and email servers that may need to be patched to protect themselves from hackers utilizing the virus. Among the sites that have been patched and protected are: Yahoo Mail, Yahoo Search, Flickr, and Tumblr, but many more should be also be patched. You can find more information from a website built by Codenomicon in order to provide more details on the threat at heartbleed.com. Read the full story here. Reach Tech Editor Eric Parra here. ----------------------------------------------------------------------------------------------- So I heard about this a day or so ago. I see the news finally caught up just tonight, LOL! I'm no computer expert, so what are everyone's thoughts on this? Link to comment Share on other sites More sharing options...
Dazzle Posted April 10, 2014 Share Posted April 10, 2014 If you thought your computer and passwords were safe, you should probably check again. The “heartbleed” bug has recently gained some notoriety as it's been found leaving many major websites vulnerable to hackers. Experts are currently considering it to be one of the most serious security flaws uncovered in recent history. From Reuters: “The finding of the so-called "Heartbleed" vulnerability, by researchers with Google Inc and a small security firm Codenomicon, prompted the U.S. government's Department of Homeland Security to advise businesses on Tuesday to review their servers to see if they were using vulnerable versions a type of software known as OpenSSL. It said updates are already available to address the vulnerability in OpenSSL, which could enable remote attackers to access sensitive data including passwords and secret keys that can decode traffic as it travels across the Internet.” The security firm, Codenomicon, has gone on to test their own services by attacking themselves from the outside to ensure safety for their site and services. Security experts say that the virus has actually been in existence for the past two years and victims cannot tell if their data has been accessed from anytime during that period. There is an estimation that hundreds of thousands of web and email servers that may need to be patched to protect themselves from hackers utilizing the virus. Among the sites that have been patched and protected are: Yahoo Mail, Yahoo Search, Flickr, and Tumblr, but many more should be also be patched. You can find more information from a website built by Codenomicon in order to provide more details on the threat at heartbleed.com. Read the full story here. Reach Tech Editor Eric Parra here. ----------------------------------------------------------------------------------------------- So I heard about this a day or so ago. I see the news finally caught up just tonight, LOL! I'm no computer expert, so what are everyone's thoughts on this? Whenever there's women... there's a heart bleed virus infection about to come true. All jokes aside, this sounds like a really serious virus, but how has it been that this vulnerability hadn't been detected previously? This virus isn't new, according to them, so why is it particularly relevant now? Why did this news come out this late? This article doesn't seem to address any of those questions. Link to comment Share on other sites More sharing options...
Silfverberg Snipes Posted April 10, 2014 Share Posted April 10, 2014 EDIT: Woops Link to comment Share on other sites More sharing options...
FallenCR7A Posted April 10, 2014 Share Posted April 10, 2014 It should be categorized as a bug and not a virus. No ones been able to find it until now because it's more of a bug you come across in usage than through just looking through code. A lot of the giants (google, microsoft, etc) don't use openssl (correct me if I'm wrong) since they have their own in-house security systems, so if you have accounts with them you're pretty much ok. For more: http://www.theverge.com/2014/4/8/5594266/how-heartbleed-broke-the-internet Link to comment Share on other sites More sharing options...
Tre Mac Posted April 10, 2014 Share Posted April 10, 2014 Well on the bright side Revenue Canada is extending the online tax file deadline due to this bug. Link to comment Share on other sites More sharing options...
Mr. Ambien Posted April 11, 2014 Share Posted April 11, 2014 Yikes. What a bad time for the CRA website to be hit with something of that nature. Link to comment Share on other sites More sharing options...
Grapefruits Posted April 11, 2014 Author Share Posted April 11, 2014 Well on the bright side Revenue Canada is extending the online tax file deadline due to this bug. Yeah, here's the official notice: CRA update regarding the Heartbleed Bug - Thursday, April 10, 3pm After learning of the security vulnerability posed by the Heartbleed bug, the Canada Revenue Agency (CRA) took preventative measures and removed public access to its online services in order to protect the confidentiality of the taxpayer information it holds. Applications affected include online services like EFILE, NETFILE, My Account, My Business Account and Represent a Client. The CRA continues to work on resolving the issue. In keeping with industry practice, we are currently implementing a solution, or “patch”, for the bug, and are vigorously testing all systems to ensure they will be safe and secure once the site is re-launched. The Minister of National Revenue has also confirmed that interest and penalties will not be applied to individual taxpayers filing their 2013 tax returns after April 30, 2014 for a period equal to the length of this service interruption. The Agency appreciates the cooperation and patience of the public and our business and taxpayer representative communities. We remain committed to maintaining the confidence of Canadians by taking all steps necessary to ensure the security of taxpayer information.We will continue to provide further information and daily updates at 3PM EDT on our home page. Link to comment Share on other sites More sharing options...
BeefcakeBo Posted April 11, 2014 Share Posted April 11, 2014 Definitely not a "virus". It's a vulnerability with a system used on thousands of websites. To put it in very simple terms. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.