CHINA TOPIX

12/23/2024 05:14:06 am

Make CT Your Homepage

Heartbleed Bug Affected Millions of Websites in China

Heartbleed, the most serious bug of the year that could expose passwords, credit card numbers and sensitive information to hackers, has affected a large number of websites in China.

Qihoo 360's Test platform found that 11,440 out of 1,200,000 authorized websites were affected by the bug, a security flaw in OpenSSL encryption.

Like Us on Facebook

A total of 200 million netizens visited the websites that were exposed to the bug, prompting website owners to urgently install fixes.

Email services were also all affected by Heartbleed.

China Financial Certification Authority assured that e-banking was not affected and USBKey can be used normally.

Alibaba, Tencent and other large Internet service companies announced on Weibo that they have already fixed the OpenSSL bug.

Hacker attacks that breached Chinese websites through the Heartbleed bug became apparent early morning on Monday.

Heartbleed is a "nuclear crisis in the Internet landscape due to its potential for damage," said Shi Xiaohong, a security expert with Qihoo 360.

Users cannot protect their information if they have used the services of websites with OpenSSL encryption technology, even if their computers are well protected by anti-virus tools, according to Qihoo 360.

The economic damage caused by the bug is currently unknown, but the Google and Codenomimon researchers who discovered the bug said the two most popular web servers, Apache and nginx, covering about two thirds of websites worldwide, use OpenSSL.

A security fix was released on the day researchers exposed Heartbleed to the public and websites worldwide are scrambling to remedy their vulnerabilities.

"We are focusing on the reports of OpenSSL issue. We will carry out measures to protect users if it indeed affect our devices and services," Microsoft said. 

Web experts consider Heartbleed as an honest error committed by Dr. Robin Seggelman, whose coding error resulted to the vulnerability in OpenSSL.

Seggelman, a German programmer, was actually trying to improve OpenSSL when he introduced the patch in January 2011, but an error in programming led to the security flaw, which he described as a trivial error that unfortunately had a widespread severe impact. 

Real Time Analytics