abc
QUICK LINKS:

New Online Security Risk 'Heartbleed' Leaves Millions Vulnerable, Experts Recommend Password Changes

Updated: 04/09/2014 11:47 PM
Created: 04/09/2014 11:07 PM WDIO.com

A huge gap in the security software used by some of the biggest Internet companies has been found. It has been dubbed the 'Heartbleed' bug, and because of it, the private information of millions was sitting exposed. 

You may recognize the little padlock in the top left corner of some websites you visit. It is supposed to designate the site as secure, but for the last two years that has not been case.  

"The people that wrote this software for this part of that network communication forgot to check a part of that message," Pete Willemsen explained, an associate professor in UMD's computer science department. 

Think of it like this: when your computer connects to a server it sends out a ping known as a heartbeat to check for a secure connection. But with this hole in the code, a hacker could send out a secret heartbeat and retrieve any information that is still in memory — that is where the name "Heartbleed" comes from.

"So, that could include your user names and your passwords," said Mark Lanterman, CEO of computer analysis company Computer Forensic Services. "In our testing it returned my VPN credentials. This is very, very serious."

Experts are advising people to consider changing all their online passwords.

But changing passwords will not do any good until the services install the recently-released software to fix the problem. 

"This vulnerability, or bug, is really unfortunate in the sense that it sits with software on the servers... on the machines that you typically would connect to," said Prof. Willemsen. "They are responsible for updating that software."

Lanterman adds that "Amazon, your banks, any server, 66 percent of the web servers on the Internet are vulnerable to this attack."

Cyber security firm LastPass has created a search engine to determine if a website you use may have been affected. Find it by clicking here.

Front Page

  • Update: Teen Killed in Douglas Co. Crash

    The Douglas County Sheriff's Office says a Lake Nebagamon teenager was killed in a two-vehicle crash on Wednesday afternoon.  15-year-old Seth N. Stariah, a passenger in one of the vehicles, was pronounced dead at the scene.

  • Workers at the NOvA hall in Ash River assemble the final block of the far detector in early February 2014, with the nearly completed detector in the background. U of M Reaches Milestone with Ash River Neutrino Detector

    The University of Minnesota is celebrating a milestone in creating an experimental particle detector that it says could eventually yield important information about the beginning of the universe.

  • Missing Employee Found at Soudan Underground Mine State Park

    Authorities have located 76-year-old Adrienne De Vries at the Soudan Underground Mine State Park. De Vries is an employee of the park, and lost her way when walking down a trail. The St. Louis County Sheriff's Department says she was transported to Ely Hospital to get checked as a precautionary.

  • Sky High: Northlanders Blast Off on New Flyboard

    Here in the Northland, we're used to lakes, but a new toy is changing how we enjoy the water. The flyboard is making its Twin Ports debut. It's a water jet pack on a board that is hooked up to a jet ski. The water launches you up to 55 feet in the air.

  • Democrats Vying for Wisconsin's 25th Senate District Talk Mining

    Mining is a top issue in northern Wisconsin's legislative races, and a formal debate Wednesday night was no exception. Three democrats vying for the 25th Senate District seat explained their views during a public debate at the Great Lakes Visitor Center in Ashland.

 
Advertisement