abc
QUICK LINKS:

New Online Security Risk 'Heartbleed' Leaves Millions Vulnerable, Experts Recommend Password Changes

Updated: 04/09/2014 11:47 PM
Created: 04/09/2014 11:07 PM WDIO.com

A huge gap in the security software used by some of the biggest Internet companies has been found. It has been dubbed the 'Heartbleed' bug, and because of it, the private information of millions was sitting exposed. 

You may recognize the little padlock in the top left corner of some websites you visit. It is supposed to designate the site as secure, but for the last two years that has not been case.  

"The people that wrote this software for this part of that network communication forgot to check a part of that message," Pete Willemsen explained, an associate professor in UMD's computer science department. 

Think of it like this: when your computer connects to a server it sends out a ping known as a heartbeat to check for a secure connection. But with this hole in the code, a hacker could send out a secret heartbeat and retrieve any information that is still in memory — that is where the name "Heartbleed" comes from.

"So, that could include your user names and your passwords," said Mark Lanterman, CEO of computer analysis company Computer Forensic Services. "In our testing it returned my VPN credentials. This is very, very serious."

Experts are advising people to consider changing all their online passwords.

But changing passwords will not do any good until the services install the recently-released software to fix the problem. 

"This vulnerability, or bug, is really unfortunate in the sense that it sits with software on the servers... on the machines that you typically would connect to," said Prof. Willemsen. "They are responsible for updating that software."

Lanterman adds that "Amazon, your banks, any server, 66 percent of the web servers on the Internet are vulnerable to this attack."

Cyber security firm LastPass has created a search engine to determine if a website you use may have been affected. Find it by clicking here.

Front Page

  • Police: Duluth Man Admitted to Killing Mother

    A 37-year-old man called police early Tuesday morning and told dispatchers to send officers to a Lincoln Park residence.  The man allegedly met officers at the door and told them they should arrest him because he just killed his mother.

  • Pine Co. Sheriff's Office Reports Children Missing

    The Pine County Sheriff's Office is asking for the public's assistance in locating a man and two children who have not been seen since last week.  Authorities say 44-year-old Peter John Kunze and his two juvenile children failed to appear in court for a custody hearing on Friday and they are concerned for the children's welfare.

  • Matthew R. Reder and Jordyn A. Mazanec Runaway Teen Sought in Ironwood

    Jordyn A. Mazanec, 16, was last seen Monday in Ironwood after having a verbal disagreement during a phone call.  Mazanec's vehicle and cell phone were located near the Mt. Zion ski hill in Ironwood.

  • Former Correctional Officer Pleads Guilty to Sexually Assaulting Juvenile Inmate

    A former correctional officer at a juvenile facility in Grand Rapids has pled guilty to three charges of third-degree criminal sexual conduct. 

  • Duluth Nonprofit Leads Gender Equality Training for Minn. Sports Coaches

    Duluth nonprofit Men As Peacemakers is leading a statewide initiative to promote gender equality and prevent sexual violence. The Impact program focuses on training community and high school coaches. The creators of the program say coaches are key, as studies say they are often the most influential people in students' lives.

 
Advertisement