facebook
twitter
rss
account
search
search
 

Internet users advised to change passwords due to 'Heartbleed' bug

OpenSSL technology allows websites that use HTTPS encryption to keep data secure, and the bug in OpenSSL leaves data vulnerable.
By Aileen Graef   |   April 9, 2014 at 7:56 AM  |  Updated April 9, 2014 at 8:11 AM   |   Comments

//cdnph.upi.com/sv/em/upi/UPI-7871397041637/2014/1/f564547a1f0a6728314907e3c84880bd/Internet-users-advised-to-change-passwords-due-to-Heartbleed-bug.jpg
SAN FRANCISCO, April 9 (UPI) -- Internet users are encouraged to change the online passwords after the discovery of a major bug known as "Heartbleed" affecting OpenSSL.

The Heartbleed bug in OpenSSL means that any website with HTTPS encryption is vulnerable to attack. Users can tell if a website uses HTTPS security if the see "https" at the beginning of a URL.

About a third of websites use OpenSSL for HTTPS encryption. The bug was simultaneously discovered by Neel Mehta of Google Security and a team of security engineers at Codenomicon. After the bug was reported to OpenSSL Monday night, a number of popular websites advised users to change their passwords.

"But this still means that the little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit," said Tumblr in a blog post.

Tumblr is owned by Yahoo, and the company confirmed users' data had been compromised.

The one positive is that only one version of the OpenSSL was affected but the OpenSSL in question has been active for two years and the bug was only discovered recently. A fix has been issued, but experts warn everyone should still change their passwords.

"This might be a good day to call in sick and take some time to change your passwords everywhere -- especially your high-security services like email, file storage, and banking, which may have been compromised by this bug," Tumblr wrote.

The security researchers who discovered the bug have also created a website with more information about Heartbleed and the security vulnerability on websites affected.

[LA Times]
[Tumblr]
[Heartbleed]

Follow @AileenGraef and @UPI on Twitter.
Contact the Author
Topics: Google
© 2014 United Press International, Inc. All Rights Reserved. Any reproduction, republication, redistribution and/or modification of any UPI content is expressly prohibited without UPI's prior written consent.
Recommended UPI Stories
Most Popular
1
Northrop Grumman developing reusable space plane for lifting spacecraft into orbit
2
Construction on Russian gas line to China slated for September
3
Corona Extra recalled due to glass particles in beer
4
Navy to test Lockheed Martin's FORTIS exoskeleton
5
Final builder sea trials for Australian landing helicopter dock ship
Trending News
Video
x
Feedback