Heartbleed Bug: Public urged to reset all passwords

09/04/2014

(BBC): Several tech firms are urging people to change all their passwords after the discovery of a major security flaw. The Yahoo blogging platform Tumblr has advised the public to "change your passwords everywhere – especially your high-security services like email, file storage and banking". Security advisers have given similar warnings about the Heartbleed Bug. It follows news that a product used to safeguard data could be compromised to allow eavesdropping. OpenSSL is a popular cryptographic library used to digitally scramble sensitive data as it passes to and from computer servers so that only the service provider and the intended recipients can make sense of it.

If an organisation employs OpenSSL, users see a padlock icon in their web browser – although this can also be triggered by rival products. Those affected include Canada's tax collecting agency, which halted online services "to safeguard the integrity of the information we hold". Google Security and Codenomicon – a Finnish security company – revealed on Monday that a flaw had existed in OpenSSL for more than two years that could be used to expose the secret keys that identify service providers employing the code.

They said that if attackers made copies of these keys they could steal the names and passwords of people using the services, as well as take copies of their data and set up spoof sites that would appear legitimate because they used the stolen credentials.

Other security experts have been shocked by the revelation. "Catastrophic is the right word. On the scale of one to 10, this is an 11," said Bruce Schneier.

Comments (7)


  1. Auntie Virus says:

    If you reset your Passwords BEFORE NOON yesterday that was too soon! Why couldn't you wait! You will have to re-set them now every hour for the next two weeks. Then store all your passwords in the bottom drawer. Under the socks. The recent problem was fixed. But took effect just before A NEW PROBLEM was found. They are working on a new fix. For the latest problem. You will be notified when this takes effect BUT UNTIL THIS HAPPENS WAIT. For added security it is suggested you store your Passwords in a different drawer every day. 

  2. Dreadlock Holmes says:

    It seems the more we are 'connected' the more vulnerable we become to invasions of privacy. Not a week goes by when we don't hear about some 'break down' in security. Meanwhile, we've been asked and sometimes forced to do increasing amounts of our personal business online for 'convenience sake'. Assuming of course that the ones proposing have taken all necessary precautions. Then bang! They were wrong. And unfortunately missed something. A piece of code, whatever. The bottom line is... we should know by now... anything created by programmers can be circumvented by other programmers (hackers). For us this isn't convenient, it is hugely inconvenient. Maybe we should take a step backwards and look at how much of our personal information we are willing to send into cyberspace. If it isn't too late.

    By the way, I am writing this comment on a tablet - very convenient - and in order to send it I also allowed Google to have access.

  3. Anonymous says:

    Thanks for this great article, just changed all my passwords to newcastle united, they will never guess that one 

  4. Anonymous says:

    Do not fix anything yet, they have not found a fix for the problem.

    • Secured says:

      Not true. But I would wait a few more days to change ALL Other passwords. Here's why: for sensitive and major websites we/you login to, change your passwords ASAP, like right now! The major websites would have already taken action and applied the fix or disabled the "Heartbleed" feature of OpenSSL (or they may not have been vulnerable at all). For other websites (small vendors, forums etc), and there will be some, are not up to date or in testing or some such excuse given. A change of passwords now for these 'non important websites' might be in vain if the exploit in OpenSSL is still active on such websites. See: Heartbleed Bug: http://heartbleed.com/

  5. Knot S Smart says:

    I just changed mine….

    My new password is eeine-meani-mani-mo…

    • Anonymous says:

      For strong security it should have eight characters and one capital. I use Snow White, Sleepy, Grumpy, Doc, Happy, Bashful, Dopey, Sneezy and Stake Bay.