McAlester News-Capital, McAlester, OK

Community News Network

April 9, 2014

'Heartbleed' flaw leads security experts to urge password changes

SAN FRANCISCO — Security experts are urging consumers to change their Web passwords after the recent disclosure of a vulnerability touching wide swaths of the Internet, even as Google, Facebook and large banks said they weren't affected.

The flaw to OpenSSL, an open-source software that runs on as many as two-thirds of all active websites, was reported on April 7, by researchers who pushed out a fix. Dubbed Heartbleed, the bug could have allowed hackers to access encrypted e-mail messages, banking information, user names and passwords.

"The one saving grace with this flaw is that it was relatively simple to spot and as a result very simple to fix," Zully Ramzan, chief technology officer of Elastica, a cyber- security firm, wrote in an e-mail yesterday. "That said, OpenSSL is incredibly widespread. It's literally the most popular implementation of SSL on the planet. So any compromise in its security has far reaching implications."

The Heartbleed revelation comes at a time of mounting concern about hackers' capabilities following consumer data breaches at Target and Neiman Marcus and the spying scandal involving the National Security Agency. The flaw involving a two-year-old programming mistake was discovered by researchers from Google and Codenomicon, a security firm based in Finland, and reported to OpenSSL, according to a blog post from Codenomicon.

It isn't known whether malicious hackers knew about the bug and were exploiting it, the researchers wrote. Google and Facebook said they addressed the problem before it was made public and saw no signs of vulnerabilities, while Yahoo! Inc. made the requisite fixes.

"A vulnerability, called Heartbleed, was recently identified impacting many platforms that use OpenSSL, including ours," Yahoo said in an e-mailed statement. "Our team has successfully made the appropriate corrections across the main Yahoo properties," such as the homepage, e-mail, finance and sports sites, the Sunnyvale, California-based company said.

OpenSSL is used by Internet companies to secure traffic flowing between servers and users' computers. SSL refers to an encryption protocol known as Secure Sockets Layer and its use is indicated by a closed padlock appearing on browsers next to a website's address.

Before Yahoo issued its fix, security researcher Mark Loman from the Netherlands demonstrated Tuesday on Twitter that he was able to force the site to leak usernames and passwords.

"It wasn't Yahoo's fault, yet they're very slow at installing the critical fix," Loman wrote on his Twitter Inc. account. "Bug disclosure was flawed too."

Many large consumer sites running OpenSSL aren't vulnerable to being exploited because they use specialized encryption equipment and software, the researchers wrote. A test site allows website administrators to check whether their properties are affected.

"The security of our users' information is a top priority," Google said in a statement yesterday. "We proactively look for vulnerabilities and encourage others to report them precisely so that we are able to fix them before they are exploited. We have assessed the SSL vulnerability and applied patches to key Google services."

In a statement, Facebook said it "added protections for Facebook's implementations of OpenSSL before this issue was publicly disclosed, and we haven't detected any signs of suspicious activity on people's accounts."

JPMorgan Chase & Co., the largest U.S. bank, doesn't use the vulnerable software and user information has not been exposed, the New York-based company said in a statement.

Tests on the home pages of other large technology, e- commerce and banking companies including Microsoft, Amazon.com and Bank of America indicated they weren't vulnerable.

1
Text Only | Photo Reprints
Community News Network
  • An alarming threat to airlines that no one's talking about

    It's been an abysmal year for the flying public. Planes have crashed in bad weather, disappeared over the Indian Ocean and tragically crossed paths with anti-aircraft missiles over Ukraine.

    July 30, 2014

  • Sharknado.jpg Sharknado 2 set to attack viewers tonight

    In the face of another "Sharknado" TV movie (the even-more-inane "Sharknado 2: The Second One," premiering Wednesday night on Syfy), there isn't much for a critic to say except to echo what the characters themselves so frequently scream when confronted by a great white shark spinning toward them in a funnel cloud:
    "LOOK OUT!!"

    July 30, 2014 1 Photo

  • 20140729-AMX-GIVHAN292.jpg Spanx stretches into new territory with jeans, but promised magic is elusive

    The Spanx empire of stomach-flattening, thigh-slimming, jiggle-reducing foundation garments has expanded to include what the brand promises is the mother of all body-shaping miracles: Spanx jeans.

    July 29, 2014 1 Photo

  • Medical marijuana opponents' most powerful argument is at odds with a mountain of research

    Opponents of marijuana legalization are rapidly losing the battle for hearts and minds. Simply put, the public understands that however you measure the consequences of marijuana use, the drug is significantly less harmful to users and society than tobacco or alcohol.

    July 29, 2014

  • linda-ronstadt.jpg Obama had crush on First Lady of Rock

    Linda Ronstadt remained composed as she walked up to claim her National Medal of Arts at a White House ceremony Monday afternoon.

    July 29, 2014 1 Photo

  • Can black women have it all?

    In a powerful new essay for the National Journal, my friend Michel Martin makes a compelling case for why we need to continue the having-it-all conversation.

    July 29, 2014

  • Dangerous Darkies Logo.png Redskins not the only nickname to cause a stir

    Daniel Snyder has come under fire for refusing to change the mascot of his NFL team, the Washington Redskins. The Redskins, however, are far from being the only controversial mascot in sports history.  Here is a sampling of athletic teams from all areas of the sports world that were outside the norm.

    July 28, 2014 3 Photos

  • 'Rebel' mascot rising from the dead

    Students and alumni from a Richmond, Va.-area high school are seeking to revive the school's historic mascot, a Confederate soldier known as the "Rebel Man," spurring debate about the appropriateness of public school connections to the Civil War and its icons.

    July 28, 2014

  • Fast food comes to standstill in China

    The shortage of meat is the result of China's latest food scandal, in which a Shanghai supplier allegedly tackled the problem of expired meat by putting it in new packaging and shipping it to fast-food restaurants around the country

    July 28, 2014

  • wd saturday tobias .jpg Stranger’s generosity stuns Ohio veteran

    Vietnam War veteran David A. Tobias was overwhelmed recently when a fellow customer at an OfficeMax store near Ashtabula, Ohio paid for a computer he was purchasing.

    July 28, 2014 1 Photo

Seasonal Content
AP Video
Obama Chides House GOP for Pursuing Lawsuit New Bill Aims to Curb Sexual Assault on Campus Russia Counts Cost of New US, EU Sanctions 3Doodler Bring 3-D Printing to Your Hand Six PA Cops Indicted for Robbing Drug Dealers Britain Testing Driverless Cars on Roadways Raw: Thousands Flocking to German Crop Circle At Least 20 Chikungunya Cases in New Jersey Raw: Obama Eats Ribs in Kansas City In Virginia, the Rise of a New Space Coast Raw: Otters Enjoy Water Slides at Japan Zoo NCAA Settles Head-injury Suit, Will Change Rules Raw: Japanese Soldiers Storm Beach in Exercises Raw: Weapons Fire Hits UN School in Gaza Raw: Rocket Launches Into Space With Cargo Ship Broken Water Main Floods UCLA Two Women Narrowly Avoid Being Hit by Train Crayola Announces Family Attraction in Orlando
NDN Video
Heartwarming 'Batkid Begins' Documentary is Tear-Jerker Sadie Doesn't Want Her Brother to Grow Up Chapter Two: Designing for Naomi Watts Broken Water Main Floods UCLA "Maxim" Hotness! See Jessica Alba's Sizzling Spread Two women barely avoid being hit by train Orlando Bloom and Justin Bieber Reportedly Came To Blows In Ibiza Meet the Man Behind Dumb Starbucks Chris Pratt Adorably Surprises Kids at a 'Guardians of the Galaxy' Screening NOW TRENDING: Peyton Manning dancing at practice "The Bachelorette" Makes Her Decision Thieves pick the wrong gas station to rob Golden Sisters on '50 Shades' trailer: 'Look At That Chest!' Staten Island Man's Emotional Dunk Over NYPD Car - @TheBuzzeronFOX GMA: Dog passes out from excitment to see owner Baseball Hall of Famers Inducted 'Hunger Games: Mockingjay Part 1' Sneak Peek Florida Keys Webcam Captures Turtles Hatching Morgan Freeman Sucks Down Helium on 'Tonight Show' Robin Wright Can Dance! (WATCH)
Parade
Magazine

Click HERE to read all your Parade favorites including Hollywood Wire, Celebrity interviews and photo galleries, Food recipes and cooking tips, Games and lots more.