CHINA TOPIX

11/22/2024 07:15:07 am


'Heartbleed' Security Flaw Threatens Credit Cards and Passwords on Secure Sites

"Secure" is no longer secure.

That's the consensus after it was discovered that supposedly secure websites (those sporting a padlock icon and the https-colon-double-slash when you open them in your browser) have been breached via a security flaw in encryption software.

Websites whose addresses begin with https typically include eCommerce sites, online banking sites, email providers and most social media sites.


The logical conclusion: passwords, credit card data, and other sensitive personal information that people have stored in these sites run the risk of being compromised, if they aren't already.

The advice: change your passwords. Now. Change your passwords now before your heart bleeds over loss of money and online secrets.

Researchers at Google and Finnish security firm Codenomicon discovered the security flaw, which they named "Heartbleed".

They say Heartbleed has been around for the last two years and can be used to stealthily extract data without leaving any trace, but the researchers were not sure whether anyone has actually used the flaw in a hacking attack.

There have been occasional reports, however, of credit card data being used in online purchases unknown to the card owner.

The Heartbleed security breach involves SSL/TLS encryption, but OpenSSL is said to have been heavily affected by the problem.

Codenomicon says OpenSSL is used by both Apache and nginx, the platforms used by many websites, email clients, chat software and VPNs.

Thankfully, many big-traffic consumer websites have opted for conservative software and are thus less prone to exposure to the security flaw.

In contrast, the websites that provide smaller but more progressive services have latched on to newer encryption technology, which put them at a higher risk of being victimized by the Heartbleed security flaw.

Researchers said a security fix was released on Monday and urged companies to install the patch.

Social networks Tumblr and Yahoo have stepped up to the plate, with Tumblr assuring its clients that there was no evidence that the social media platform was breached, while Yahoo said it was working double-time to fix any security flaws in its products.

Researchers reiterated their advice to people to change their passwords regularly, and to add a backup mobile number to their account that can be used to verify the user's identity in case problems accessing the account arise due to hacking.
