Tuesday, April 8, 2014

Killer worm reaches the terrible twos

It is a two year old worm which has raised its ugly head. If you do not want to be devoured stop reading immediately and switch off the net. Immediately.
....
Web administrators and computer security researchers on Tuesday scrambled to fix a serious vulnerability in OpenSSL encryption used by thousands of web servers, including those run by email and web chat providers. The bug, dubbed Heartbleed, "allows anyone on the internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software".

In other words hackers or cyber criminals can use the Heartbleed bug to steal private encryption keys from a server that is using OpenSSL protocols of SSL/TLS encryption and then snoop on the user data, including passwords. There are reports that servers of Yahoo, Imgur and Flickr have been affected. However, this is around two-year-old bug and hence no one knows for sure how many people have exploited it at how many servers have been compromised.

The bug is so serious and widespread that Tor Project, which manages the anonymous Tor network, has advised web users to go offline for a while. "If you need strong anonymity or privacy on the internet, you might want to stay away from the internet entirely for the next few days while things settle," it said in a blog post.

...
regards