abc
QUICK LINKS:

New Online Security Risk 'Heartbleed' Leaves Millions Vulnerable, Experts Recommend Password Changes

Updated: 04/09/2014 11:47 PM
Created: 04/09/2014 11:07 PM WDIO.com

A huge gap in the security software used by some of the biggest Internet companies has been found. It has been dubbed the 'Heartbleed' bug, and because of it, the private information of millions was sitting exposed. 

You may recognize the little padlock in the top left corner of some websites you visit. It is supposed to designate the site as secure, but for the last two years that has not been case.  

"The people that wrote this software for this part of that network communication forgot to check a part of that message," Pete Willemsen explained, an associate professor in UMD's computer science department. 

Think of it like this: when your computer connects to a server it sends out a ping known as a heartbeat to check for a secure connection. But with this hole in the code, a hacker could send out a secret heartbeat and retrieve any information that is still in memory — that is where the name "Heartbleed" comes from.

"So, that could include your user names and your passwords," said Mark Lanterman, CEO of computer analysis company Computer Forensic Services. "In our testing it returned my VPN credentials. This is very, very serious."

Experts are advising people to consider changing all their online passwords.

But changing passwords will not do any good until the services install the recently-released software to fix the problem. 

"This vulnerability, or bug, is really unfortunate in the sense that it sits with software on the servers... on the machines that you typically would connect to," said Prof. Willemsen. "They are responsible for updating that software."

Lanterman adds that "Amazon, your banks, any server, 66 percent of the web servers on the Internet are vulnerable to this attack."

Cyber security firm LastPass has created a search engine to determine if a website you use may have been affected. Find it by clicking here.

Front Page

  • Community Leaders Spotlight Underused Income Tax Credit

    Employers have just one more day to send out W-2 forms for taxes, but before this year's tax season gets in full swing, Duluth Community Leaders called attention to a credit that one in five eligible tax payers fail to claim.

  • Duluth Public Schools Prepped for Measles

    With more than 100 cases of measles now confirmed in the U.S. including one in Minnesota, Duluth Public School officials said they're doing what they can to prepare for any sign of the virus in the Northland....

  • Mining Industry Day: We Are Hiring

    The 3rd annual Mining Industry Day in Chisholm brought together mining companies and industry vendors, with folks who are looking for work. 

  • Extra Minn. Patrols to Enforce DWI Law this Weekend

    Minnesota troopers say more people are arrested for driving drunk on Super Bowl weekend than the subsequent and prior weekends. The state Department of Public Safety says on Super Bowl game day through Monday, an average of 190 drivers will be arrested for drunken driving and at least one person will die.

  • No Layoffs During 'Warm Idle' at Mesabi Nugget

    The parent company of Mesabi Nugget says it is planning a "warm idle" of the plant for six to eight weeks this winter, but workers will stay on the job. A spokesperson said workers will continue to report to Mesabi Nugget, largely for maintenance activities throughout the plant.

 
Advertisement