The Stanly News and Press (Albemarle, NC)

State & National News

April 10, 2014

'Heartbleed' flaw leads security experts to urge password changes

Thursday, April 10, 2014 — Security experts are urging consumers to change their Web passwords after the recent disclosure of a vulnerability touching wide swaths of the Internet, even as Google, Facebook and large banks said they weren't affected.

The flaw to OpenSSL, an open-source software that runs on as many as two-thirds of all active websites, was reported on April 7, by researchers who pushed out a fix. Dubbed Heartbleed, the bug could have allowed hackers to access encrypted e-mail messages, banking information, user names and passwords.

"The one saving grace with this flaw is that it was relatively simple to spot and as a result very simple to fix," Zully Ramzan, chief technology officer of Elastica, a cyber- security firm, wrote in an e-mail yesterday. "That said, OpenSSL is incredibly widespread. It's literally the most popular implementation of SSL on the planet. So any compromise in its security has far reaching implications."

The Heartbleed revelation comes at a time of mounting concern about hackers' capabilities following consumer data breaches at Target and Neiman Marcus and the spying scandal involving the National Security Agency. The flaw involving a two-year-old programming mistake was discovered by researchers from Google and Codenomicon, a security firm based in Finland, and reported to OpenSSL, according to a blog post from Codenomicon.

It isn't known whether malicious hackers knew about the bug and were exploiting it, the researchers wrote. Google and Facebook said they addressed the problem before it was made public and saw no signs of vulnerabilities, while Yahoo! Inc. made the requisite fixes.

"A vulnerability, called Heartbleed, was recently identified impacting many platforms that use OpenSSL, including ours," Yahoo said in an e-mailed statement. "Our team has successfully made the appropriate corrections across the main Yahoo properties," such as the homepage, e-mail, finance and sports sites, the Sunnyvale, California-based company said.

OpenSSL is used by Internet companies to secure traffic flowing between servers and users' computers. SSL refers to an encryption protocol known as Secure Sockets Layer and its use is indicated by a closed padlock appearing on browsers next to a website's address.

Before Yahoo issued its fix, security researcher Mark Loman from the Netherlands demonstrated Tuesday on Twitter that he was able to force the site to leak usernames and passwords.

"It wasn't Yahoo's fault, yet they're very slow at installing the critical fix," Loman wrote on his Twitter Inc. account. "Bug disclosure was flawed too."

Many large consumer sites running OpenSSL aren't vulnerable to being exploited because they use specialized encryption equipment and software, the researchers wrote. A test site allows website administrators to check whether their properties are affected.

"The security of our users' information is a top priority," Google said in a statement yesterday. "We proactively look for vulnerabilities and encourage others to report them precisely so that we are able to fix them before they are exploited. We have assessed the SSL vulnerability and applied patches to key Google services."

In a statement, Facebook said it "added protections for Facebook's implementations of OpenSSL before this issue was publicly disclosed, and we haven't detected any signs of suspicious activity on people's accounts."

JPMorgan Chase & Co., the largest U.S. bank, doesn't use the vulnerable software and user information has not been exposed, the New York-based company said in a statement.

Tests on the home pages of other large technology, e- commerce and banking companies including Microsoft, Amazon.com and Bank of America indicated they weren't vulnerable.

1
Text Only
State & National News
  • linda-ronstadt.jpg Obama had crush on First Lady of Rock

    Linda Ronstadt remained composed as she walked up to claim her National Medal of Arts at a White House ceremony Monday afternoon.

    July 29, 2014 1 Photo

  • Brother sues W.Va. senator over business loan

    FAIRMONT, W. Va. - U.S. Sen. Joe Manchin's brother claims he's owed $1.7 million that he loaned to keep a family carpet out of bankruptcy in the 1980s.

    July 28, 2014

  • CATS-DOGS281.jpg Where cats are more popular than dogs in the U.S.-and all over the world

    We all know there are only two types of people in the world: cat people and dog people. But data from market research firm Euromonitor suggest that these differences extend beyond individual preferences and to the realm of geopolitics: it turns out there are cat countries and dog countries, too.

    July 28, 2014 1 Photo

  • WORLD NEWS: Fast food comes to standstill in China

    BEIJING - The shortage of meat is the result of China's latest food scandal, in which a Shanghai supplier allegedly tackled the problem of expired meat by putting it in new packaging and shipping it to fast-food restaurants around the country

    July 28, 2014

  • Facebook continues moneymaking trend

    WASHINGTON - Facebook seems to have figured out - for now at least - the holy grail for all media right now: how to make money selling mobile ads.

    July 25, 2014

  • Arizona's prolonged lethal injection is fourth in U.S. this year

    NEW YORK - Arizona's execution of double-murderer Joseph Wood marked the fourth time this year that a state failed to dispatch a convict efficiently, according to the Constitution Project, a bipartisan legal group.

    July 25, 2014

  • N.C. Energy Policy Council Long Range Energy Generation and Renewable Energy Committee to meet

    RALEIGH – The North Carolina Energy Policy Council’s Long Range Energy Generation and Renewable Energy Committee will meet via conference call at 9 a.m. July 31.

    July 24, 2014

  • N.C. State University Turfgrass Field Day set for Aug. 13

    N.C. State University’s annual Turfgrass Field Day will be held in Raleigh at the Lake Wheeler Turfgrass Research Lab, Aug. 13, 8:30 a.m. - 2 p.m. One of the largest events of its kind in the country, the field day offers the industry and general public a chance to view the Turfgrass Program’s ongoing research trials and speak directly with N.C. State faculty and staff.

    July 24, 2014

  • NCSU Study: Urban Heat Boosts Some Pest Populations 200-Fold, Killing Red Maples

                New research from North Carolina State University shows that urban “heat islands” are slowly killing red maples in the southeastern United States. One factor is that researchers have found warmer temperatures increase the number of young produced by the gloomy scale insect – a significant tree pest – by 300 percent, which in turn leads to 200 times more adult gloomy scales on urban trees.

    July 23, 2014

  • An oncologist uses scorpion venom to locate cancer cells

    Olson, a pediatric oncologist and research scientist in Seattle, has developed a compound he calls Tumor Paint. When injected into a cancer patient, it seems to light up all the malignant cells so surgeons can easily locate and excise them.

    July 22, 2014

House Ads
Seasonal Content