abc
QUICK LINKS:

New Online Security Risk 'Heartbleed' Leaves Millions Vulnerable, Experts Recommend Password Changes

Updated: 04/09/2014 11:47 PM
Created: 04/09/2014 11:07 PM WDIO.com

A huge gap in the security software used by some of the biggest Internet companies has been found. It has been dubbed the 'Heartbleed' bug, and because of it, the private information of millions was sitting exposed. 

You may recognize the little padlock in the top left corner of some websites you visit. It is supposed to designate the site as secure, but for the last two years that has not been case.  

"The people that wrote this software for this part of that network communication forgot to check a part of that message," Pete Willemsen explained, an associate professor in UMD's computer science department. 

Think of it like this: when your computer connects to a server it sends out a ping known as a heartbeat to check for a secure connection. But with this hole in the code, a hacker could send out a secret heartbeat and retrieve any information that is still in memory — that is where the name "Heartbleed" comes from.

"So, that could include your user names and your passwords," said Mark Lanterman, CEO of computer analysis company Computer Forensic Services. "In our testing it returned my VPN credentials. This is very, very serious."

Experts are advising people to consider changing all their online passwords.

But changing passwords will not do any good until the services install the recently-released software to fix the problem. 

"This vulnerability, or bug, is really unfortunate in the sense that it sits with software on the servers... on the machines that you typically would connect to," said Prof. Willemsen. "They are responsible for updating that software."

Lanterman adds that "Amazon, your banks, any server, 66 percent of the web servers on the Internet are vulnerable to this attack."

Cyber security firm LastPass has created a search engine to determine if a website you use may have been affected. Find it by clicking here.

Front Page

  • James Crain, Jr. Man Pleads Guilty in Deaths of Parents

    An Iron River, Wis., man has pleaded guilty to two counts of second-degree intentional homicide in the deaths of his parents last winter.  45-year-old James Crain, Jr., entered the plea Tuesday as part of a plea agreement.

  • Construction of a previous pipeline is seen in this file photo provided by Enbridge. Enbridge Delays Sandpiper Pipeline

    Enbridge Energy Partners is delaying the Sandpiper pipeline project through Minnesota. The Calgary, Alberta-based company disclosed the delay in a filing Tuesday with the U.S. Securities and Exchange Commission.

  • DNR Talks Safety After Hunter Attacked By Bear, More Details Released

    Family members said a hunter is undergoing a second surgery after a bear attack in Pine County. Brandon Johnson is from North Branch and was attacked by a wounded bear early Saturday morning. DNR officials and hunting guides said tracking a wounded bear alone is not recommended.

  • MSHSL to Vote on Policy Changes for Transgender Athletes

    It's in reference to a proposed Minnesota State High School League policy that's scheduled to be voted on this week. The policy would allow transgender high school athletes to play in sports based on their gender identity, not their gender at birth.  

  • Domestic Violence Deaths Reach 77 in Minnesota, Wisconsin for 2013

    Domestic violence resulted in 77 deaths in Minnesota and Wisconsin in 2013. A group called End Domestic Abuse Wisconsin released the latest numbers for Wisconsin on Monday. Advocates in the Twin Ports say the important thing is to work toward fewer deaths in 2014.

 
Advertisement