Heartbleed Internet bug can steal passwords without notice

April 10th, 2014 at 9:41 pm

Heartbleed Internet bug

A major online security firm has alerted on Monday both website companies and Internet users that sites running on SSL encryption are vulnerable to a major Internet bug called Heartbleed. These websites include Airbnb, USMagazine.com, Creative Commons, Pinterest, and NASA.

The security flaw was reportedly discovered by a Google employee working on the company’s security group, as well as a software security firm called Codenomicon. Other vulnerable websites include Yahoo, OKcupid, Indiegogo, and even Gmail.

The Nosebleed Internet bug also affects web servers that run on Apache and Mginx software, and it has the potential to display private information Internet users enter into websites, e-mail, apps, and even on instant messages. These information include credit card information and bank account statements.

The security flaw also puts a loophole in websites and services offering SSL security encryption, since Heartbleed has the ability to allow hackers to skip through the security layer and grab passwords, authentication cookies, and other private information.

While a security patch to counter the bug has been made, many websites have yet to adapt. Some websites even recommend to lay off the Internet for an entire week if possible (which is more likely not).

Source: Mashable


Tags: , , ,