Heartbleed virus could leave you bloodied

UPDATE: This bug may also climb aboard cellphones and more. It appears to be bigger than previously understood.
 
 
By Robb Hicken/BBB’s chief storyteller 

Business owners need to be aware of a computer bug that targets computer servers running the most widely used Internet encryption security system, according to Better Business Bureau serving the Snake River Region.

Security engineers discovered that the “Heartbleed” bug exploits a flaw in OpenSSL, which allowed them to view passwords and user names when they tested the virus.  Secure Sockets Layer (SSL) is an open-source software program that encrypts data over the Internet.  It is used to secure business transactions, email, instant messaging services, social media sites and any other sort of web-based system that must secure the data that is transmitted to and from its servers.

Heartbleed compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the real content. This allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.

“Once the specialists understood how it worked, they avoided publicizing the discovery until OpenSSL’s developers could create an update that eliminates the security loophole,” says BBB CEO Dale Dixon. “We’re reading that the Heartbleed has also been seen in places like Gmail and Facebook, exposing your personal and financial information.”

Yahoo was among the first-named websites where Heartbleed was detected.  Yahoo and other major companies that rely on OpenSSL moved quickly to fix the vulnerability.  SSL is used on web servers, but not on PCs or mobile devices.

The bug is believed to have originated two years ago, but researchers say it covered its tracks to leave no trace of its presence.  There is no word on how many servers were infected.

BBB recommends that businesses consult a qualified information technology (IT) professional to see whether their servers are infected with the bug and, if so, remove it and apply the updated, secure version of OpenSSL.

Consumers and businesses should change their passwords, and regularly scan their computers with an updated computer security application.  In addition, install operating system updates and software patches, which often address emerging security flaws.

Where to find more information?

This Q&A was published as a follow-up to the OpenSSL advisory, since this vulnerability became public on the 7th of April 2014. The OpenSSL project has made a statement at https://www.openssl.org/news/secadv_20140407.txt or https://www.cert.fi/en/reports/2014/vulnerability788210.html.

0 thoughts on “Heartbleed virus could leave you bloodied”

  1. Again as I mentioned in a previous notice about Microsoft no longer supporting XP, this has been the downfall of many companies who have their inter company software based on Microsoft platforms. Sooner than later, it becomes common knowledge among hackers and those who are nefarious at cracking software and encryption codes.
    Same thing applies to open source SSL. It is an easily adaptable computer language.
    There was a time when security was almost perfect because the programmer would write a program in one language, encrypt it with another, and then another again. The problem was at the time of this brilliant idea, computers did not have the speed nor the memory to boggle through all of this encryption for simple tasks so it meant a huge investment and a roomful of memory and data storage devices to maintain quick results, so it just was not economical, yet the larger companies did it because they needed to.
    Then of course came the home computer, then the business computer systems downsized so that work could be taken home. Thus the flaw, Apple and Microsoft became extremely wealthy and the popular stock in IBM dropped like a ton of bricks.
    Why did this happen? Look it up. IBM wanted to buy out Microsoft exclusively for their own line of home computers that they planned to put on the marketplace. Bill Gates chose not to sell out his software company believing that there would be a multitude of computer manufacturers and he wanted an affordable easy to use operating system that could be used on any computer. Apple of course had already been in the marketplace with gaming machines and already had a platform for personal computers as well. Of course Tandy otherwise known as Radio Shack beat them all to the punch with affordable easy to use home computers with their TRS80.
    The war was on and into the ring stepped Commodore who was a rival of IBM and they had even a much more clever platform that threatened all of them. Yet, they were the first to fall, because of the onslaught of the value packed no name systems that came with the Microsoft operating systems. Commodore could not compete with the price. Then the better-known names started manufacturing computers and the processor war started.
    So, point being, the market is so over saturated with low cost competition and Microsoft so eager to control the software realm, it is plain enough to understand that we are constantly under attack by online criminal activity.
    Still, being wary, keeping your protection software up to date, always gaining new knowledge about new threats and never be afraid to address these threats to the people who sell you your protection software, will give you peace of mind.
    Living in a state of paranoia really takes the joy out of having a computer. Yet if you know your enemy, you do not fear your enemy. If you know the danger, you do not fear the danger. Without fear, you only have a sense of clarity to protect and defend what is rightfully yours to protect and defend.

    Mark Burrows