Skip to main content

Internet users told to change ALL passwords in security alert over 'catastrophic' Heartbleed bug

LastPass Heartbleed Checker warns if a website may be at risk. It also reveals websites that aren't affected


As a result, personal information such as passwords and credit card details has been accessible.
Heartbleed, so called because it creates a ‘bleeding’ leak of security, is a flaw in OpenSSL, the software used by the majority of websites to keep data secure.
The programme works by encrypting data – such as emails, instant messages, bank details or passwords – making it look like nonsense to hackers.
When a line of communication is secure and information encrypted, the user sees a padlock on the page. When software is active, one computer may send a ‘heartbeat’ – a small packet of data – to check there is still another computer at the other end.
However, a flaw in the programming meant it was possible to trick the computer at the other end by sending it a packet of data that looked like one of these heartbeats. This made it possible for hackers to impersonate the website and steal the encryption keys, revealing the data being sent.

The bug was found simultaneously by a Google security researcher and a small Finnish security firm named Codenomicon and disclosed on Monday night.
Many companies have installed a ‘patch’ to fix the flaw, but there are still many that are vulnerable as service providers must install the update.
Furthermore, it is not known whether hackers had used it before the bug came to light – it went undiscovered for two years – as doing so would not leave a trail.

One of the worst affected sites was Yahoo!, who posted a warning on their blogging site Tumblr to say: ‘The little lock icon we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible.’
A spokesman for Codenomicon said: ‘If people have logged into a service during the window of vulnerability then there is a chance that the password is already harvested.
‘In that sense it’s a good idea to change the passwords on all the updated web portals.’
However, researcher Mark Schloesser said changing a password on websites that have not fixed the bug could reveal ‘both the old and new passwords’ to an attacker.
By Rebecca Evans and Tania Steere

Comments

Popular posts from this blog

The Rich Kids of Russia: Instagram mocks the children of oligarchs photographed posing beside luxury golden cars, mansions and private jets

An anonymous Instagram account revealing the lifestyles of the rich children of Russian oligarchs has become an internet sensation. The biography of the anonymous profile says it is dedicated to documenting the lives of the kids from Russia growing up in luxury.  The account specializes in collecting photos of rich Russian kids that they post online themselves, with everything from luxury cars through to selfies with expensive cars, boats or famous people.

$2million raised by Spark Internet Group

Jason Njoku, Bastian Gotter and Mary Remmy-Njoku launched Spark, the Lagos-based Internet Group that invests in Nigerian start-ups, a few months back. (If you missed it, read it HERE). They launched with a $1m investment fund and have just announced that due to huge interest in their company, they have secured another $2million from a pool of 17 international high net individual investors, based on a $10m valuation for the three month old company. It seems that the world now firmly has its eyes on Nigeria for exciting Internet companies to invest in!

Spark companies employ 130 people across the nine launched companies in Lagos, three of which have already secured second-round seed investments totaling an additional $700k from Njoku and Gotter. Continue...

Spark’s goal is to revolutionize Nigeria’s angel investment eco-system, focusing on the country’s Internet startup scene.   In an official press release, Jason Njoku of iROKOtv fame says: “Every Spark company we have invested in alread…

THE MAN PETER MBAH

Peter Mbah was born on the 17th, March 1972
He started his primary education in 1978. He attended the Army Children School, Bori Camp, Port Harcourt where he obtained his 1st School Leaving Certificate in 1984. In the same year, he proceeded to Owode High School, Owode Egba, Ogun State and in 1990, he graduated with a Senior Secondary Certificate in Education (SSCE) (O’Levels).
An adventurous Mbah obtained a Certificate in German as Foreign Language from the VolkHoch Schule, Recklinghausen, Germany in 1992. Between 1997 and year 2000, he attended the University of East London, United Kingdom where he graduated as a lawyer (.L.L.B (Hons)) with a Second Class Upper Division. While at the School, Mbah was an outstanding President of the Student Law Society (1998-1999). During his tenure, the association won the Students Union’s prize and certificate of achievement for the “Most Productive Society of the Year”.