« Back

Serious Web Encryption Vulnerability Affects Internet Users Worldwide

A newly discovered problem in a ubiquitous Web encryption technology leaves Internet users worldwide vulnerable to hacking and is being called one of the most serious security flaws uncovered in recent years. Researchers from Google and Codenomicon, a vendor of robustness testing tools, found Heartbleed, a vulnerability in OpenSSL, an open-source implementation of the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols that has existed for at least two years. An attacker could exploit the vulnerability, bypassing SSL and TLS encryption to access sensitive data, including passwords, that Internet users transmit. Security experts say network administrators should change their online passwords and must patch their Web and email servers to prevent these problems. Codenomicon CEO David Chartier said, “I don't think anyone that had been using [OpenSSL] is in a position to definitively say they weren't compromised.” (Reuters)(The Associated Press)

Comments
Trackback URL: