abc
QUICK LINKS:

New Online Security Risk 'Heartbleed' Leaves Millions Vulnerable, Experts Recommend Password Changes

Updated: 04/09/2014 11:47 PM
Created: 04/09/2014 11:07 PM WDIO.com

A huge gap in the security software used by some of the biggest Internet companies has been found. It has been dubbed the 'Heartbleed' bug, and because of it, the private information of millions was sitting exposed. 

You may recognize the little padlock in the top left corner of some websites you visit. It is supposed to designate the site as secure, but for the last two years that has not been case.  

"The people that wrote this software for this part of that network communication forgot to check a part of that message," Pete Willemsen explained, an associate professor in UMD's computer science department. 

Think of it like this: when your computer connects to a server it sends out a ping known as a heartbeat to check for a secure connection. But with this hole in the code, a hacker could send out a secret heartbeat and retrieve any information that is still in memory — that is where the name "Heartbleed" comes from.

"So, that could include your user names and your passwords," said Mark Lanterman, CEO of computer analysis company Computer Forensic Services. "In our testing it returned my VPN credentials. This is very, very serious."

Experts are advising people to consider changing all their online passwords.

But changing passwords will not do any good until the services install the recently-released software to fix the problem. 

"This vulnerability, or bug, is really unfortunate in the sense that it sits with software on the servers... on the machines that you typically would connect to," said Prof. Willemsen. "They are responsible for updating that software."

Lanterman adds that "Amazon, your banks, any server, 66 percent of the web servers on the Internet are vulnerable to this attack."

Cyber security firm LastPass has created a search engine to determine if a website you use may have been affected. Find it by clicking here.

Front Page

  • Duluth Police Seek Tips to Find Missing Woman

    The Duluth Police Department is seeking tips from the public to locate a woman who has been missing for more than a week. Kathryn Mary McQuillen, 60, was last seen at Lakeside Manor, 4831 London Road.

  • Gov. Mark Dayton surveys flood-affected areas of Koochiching County in June. Koochiching, Beltrami Co. Added to Federal Disaster Area

    The Federal Emergency Management Agency has added 24 Minnesota counties and two tribal governments to a federal disaster declaration for flooding, including Koochiching and Beltrami counties and the Red Lake Band of Chippewa.

  • Chester Bowl Ski Jumps to be Torn Down, Memorialized

    Out with the old and in with the new is a transition that's difficult for many especially when the old is something as historic as the Chester Bowl Ski Jumps. They will be torn down the week of August 18th, but a new memorial will go up by early 2016.

  • Duluth Hunt To Allow Unlimited Antlerless Deer Harvest

    As hunters gear up for fall, bowhunters in Duluth are also getting ready for a change. The city hunt will allow unlimited antlerless deer to be harvested this fall. The change comes as most of the state is seeing tighter restrictions.

  • 130 Years of Mining in Minnesota

    Folks gathered in Soudan on Thursday, to celebrate the 130th anniversary of the first shipment of iron ore.

 
Advertisement