The Clinton Herald, Clinton, Iowa

Business & Technology

April 9, 2014

Fix released for widespread Internet security hole

SAN FRANCISCO — Researchers have pushed out a fix for a security flaw that affects as many as two-thirds of all Internet servers and could let hackers intercept encrypted traffic including email messages, banking information, usernames and passwords.

The flaw and the fix, which researchers disclosed on April 7, involves a two-year-old programming mistake in OpenSSL. OpenSSL is an open-source software that is widely used by Internet companies to secure traffic flowing between servers and users' computers. SSL refers to an encryption protocol known as Secure Sockets Layer.

The vulnerability, dubbed Heartbleed, was discovered by researchers from Google and Codenomicon, a security firm based in Finland, and reported to OpenSSL, according to a blog post from Codenomicon. It isn't known whether malicious hackers knew about the bug and were exploiting it, the researchers wrote.

The revelation comes at a time of mounting concern about hackers' capabilities following consumer data breaches at Target and Neiman Marcus Group and the spying scandal involving the National Security Agency.

People should change their passwords for sensitive sites to be on the safe side, said Zully Ramzan, chief technology officer of Elastica, a cyber-security firm.

"The one saving grace with this flaw is that it was relatively simple to spot and as a result very simple to fix," Ramzan wrote in an email Tuesday. "That said, OpenSSL is incredibly widespread. It's literally the most popular implementation of SSL on the planet. So any compromise in its security has far reaching implications."

OpenSSL runs on as many as 66 percent of all active sites on the Internet, though many large consumer sites aren't vulnerable to being exploited because they use specialized encryption equipment and software, the researchers wrote. A test site allows website administrators to check whether their properties are affected.

Google and Facebook said in e-mailed statements Tuesday that their properties aren't vulnerable to the flaw. Tests on the homepages of other large technology, e-commerce and banking companies including Microsoft, Amazon.com and Bank of America indicated they weren't vulnerable.

"The security of our users' information is a top priority," Google said in its statement. "We proactively look for vulnerabilities and encourage others to report them precisely so that we are able to fix them before they are exploited. We have assessed the SSL vulnerability and applied patches to key Google services."

In a statement, Facebook said it "added protections for Facebook's implementations of OpenSSL before this issue was publicly disclosed, and we haven't detected any signs of suspicious activity on people's accounts."

1
Text Only
Business & Technology
  • China McDonald's KFC [Duplicate] China meat scandal hits Starbucks, Burger King BEIJING — A suspect meat scandal in China engulfed Starbucks and Burger King today and spread to Japan where McDonald’s said the Chinese supplier accused of selling expired beef and chicken had provided 20 percent of the meat in its chicken nuggets.C

    July 22, 2014 5 Photos

  • Wal-Mart to cut prices more aggressively in back-to-school push

    Wal-Mart Stores plans to cut prices more aggressively during this year's back-to-school season and will add inventory to its online store as the chain battles retailers for student spending.

    July 21, 2014

  • Hospitals let patients schedule ER visits

    Three times within a week, 34-year-old Michael Granillo went to the emergency room at Northridge Hospital Medical Center in Los Angeles because of intense back pain. Each time, Granillo, who didn't have insurance, stayed for less than an hour before leaving without being seen by a doctor.

    July 21, 2014

  • McDonald's, KFC in China face scandal BEIJING — McDonald’s and KFC in China faced a new food safety scare today after a Shanghai television station reported a supplier sold them expired beef and chicken.The companies said they immediately stopped using meat from the supplier, Husi Food C

    July 21, 2014

  • Your chocolate addiction is only going to get more expensive

    For nearly two years, cocoa prices have been on the rise. Finally, that's affecting the price you pay for a bar of chocolate - and there's reason to believe it's only the beginning.

    July 18, 2014

  • Facebook tests button to let people shop from its website

    Members on desktop computers or mobile devices can click a "buy" button to make purchases through advertisements or other posts on the world's largest social network, the Menlo Park, California-based company said Thursday in a blog post.

    July 18, 2014

  • Microsoft cutting 18,000 jobs, signals new path

    Microsoft announced the biggest layoffs in its history Thursday, saying it will cut 18,000 jobs or 14 percent of its workforce as it streamlines its Nokia mobile device business to focus on using the Windows Phone operating system.

    July 17, 2014

  • web_starbucks-cof_big_ce.jpg Starbucks sees more Apple-like stores after Colombia debut

    This week Starbucks opened its first location in Colombia — a 2,700-square-foot store with a heated patio, concrete columns, mirrors on the ceiling and walls of colorful plants.

    July 17, 2014 1 Photo

  • Rejected Time Warner bid by Fox shows growth mood NEW YORK (AP) — In a move that aims to counter consolidation among TV distributors, Rupert Murdoch’s Fox has made an unsolicited takeover offer for rival media giant Time Warner for about $76 billion in cash and stock.Time Warner rejected the bid, wh

    July 17, 2014

  • What happens to your online accounts when you die?

    You've probably decided who gets the house or that family heirloom up in the attic when you die. But what about your email account and all those photos stored online?

    July 16, 2014

Facebook