facebook
twitter
rss
account
search
search
 

Internet users advised to change passwords due to 'Heartbleed' bug

OpenSSL technology allows websites that use HTTPS encryption to keep data secure, and the bug in OpenSSL leaves data vulnerable.
By Aileen Graef   |   April 9, 2014 at 7:56 AM  |  Updated April 9, 2014 at 8:11 AM   |   Comments

http://cdnph.upi.com/sv/em/upi/UPI-7871397041637/2014/1/f564547a1f0a6728314907e3c84880bd/Internet-users-advised-to-change-passwords-due-to-Heartbleed-bug.jpg
SAN FRANCISCO, April 9 (UPI) -- Internet users are encouraged to change the online passwords after the discovery of a major bug known as "Heartbleed" affecting OpenSSL.

The Heartbleed bug in OpenSSL means that any website with HTTPS encryption is vulnerable to attack. Users can tell if a website uses HTTPS security if the see "https" at the beginning of a URL.

About a third of websites use OpenSSL for HTTPS encryption. The bug was simultaneously discovered by Neel Mehta of Google Security and a team of security engineers at Codenomicon. After the bug was reported to OpenSSL Monday night, a number of popular websites advised users to change their passwords.

"But this still means that the little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit," said Tumblr in a blog post.

Tumblr is owned by Yahoo, and the company confirmed users' data had been compromised.

The one positive is that only one version of the OpenSSL was affected but the OpenSSL in question has been active for two years and the bug was only discovered recently. A fix has been issued, but experts warn everyone should still change their passwords.

"This might be a good day to call in sick and take some time to change your passwords everywhere -- especially your high-security services like email, file storage, and banking, which may have been compromised by this bug," Tumblr wrote.

The security researchers who discovered the bug have also created a website with more information about Heartbleed and the security vulnerability on websites affected.

[LA Times]
[Tumblr]
[Heartbleed]

Follow @AileenGraef and @UPI on Twitter.
Contact the Author
Topics: Google
© 2014 United Press International, Inc. All Rights Reserved. Any reproduction, republication, redistribution and/or modification of any UPI content is expressly prohibited without UPI's prior written consent.
Most Popular
1
Freedom variant LCS takes to water Freedom variant LCS takes to water
2
MDA demos tracking, targeting capability of Aegis MDA demos tracking, targeting capability of Aegis
3
Iraq seeks thousands of tank rounds Iraq seeks thousands of tank rounds
4
Australia upgrading Tiger helos; receives MH-60R from U.S. Australia upgrading Tiger helos; receives MH-60R from U.S.
5
CNN absent from the Dish Network lineup CNN absent from the Dish Network lineup
Trending News
Around the Web
x
Feedback