The flaw, according the technology firms, has existed in the encryption technology that is supposed to protect online accounts for emails, instant messaging and a wide range of electronic commerce for about two years now.
Researchers from a Finnish security firm called Codenomicon diagnosed the flaw codenamed Heartbleed and they expressed worry about the breach because it went undetected for more than two years.
The flaw is with OpenSSL, a popular cryptographic library used to digitally scramble sensitive data as it passes to and from computer servers so that only the service provider and the intended recipients can make sense of it.
If an organisation employs Open SSL, users see a padlock icon in their web browser – although this can also be triggered by rival products.
They said that if attackers made copies of these keys they could steal the names and passwords of people using the services, as well as take copies of their data and set up spoof sites that would appear legitimate because they used the stolen credentials.
Although there is now a way to close the security hole, there are still plenty of reasons to be concerned, said David Chartier, Chief Executive Officer of Codenomicon. “I don’t think anyone that had been using this technology is in a position to definitively say they weren’t compromised,” Chartier said.
Chartier and other computer security experts are advising people to consider changing all their online passwords.
“I would change every password everywhere because it’s possible something was sniffed out,” said Wolfgang Kandek, chief technology officer for Qualys, a maker of security- analysis software. “You don’t know because an attack wouldn’t have left a distinct footprint.”
Source: New Telegraph
No comments:
Post a Comment