IMPORTANT INFO: The Security Bug That Affects Most Of The Internet, Explained

Marp2 · ‎01-31-2012

You trust your banking or Web mail sites to protect your communications when you see the little lock icon in your Web browser. This is why you're OK with typing passwords into Hotmail or your credit card numbers into Amazon.

A popular piece of software called OpenSSL is used by Internet companies to provide this kind of security. On March 14, 2012, someone introduced a bug that would allow an attacker to get the "crown jewels," the encryption keys used to protect your communications directly from the companies themselves.

With those keys, an attacker could eavesdrop on your communications with that company and/or impersonate that company, making it possible for them to harvest things like credit card numbers or passwords with relative ease.

This isn't just a theoretical attack. Security researchers and passwords on local networks this morning. As of 2 p.m. ET Tuesday, Yahoo!'s servers were still vulnerable, . But by 3 p.m. ET, Yahoo told CNET it fixed the primary vulnerability on its main sites. Yahoo said:

MORE: http://www.npr.org/blogs/alltechconsidered/2014/04/08/300602785/the-security-bug-that-affects-most-o...

Lion · ‎03-09-2010

Very troubling stuff, Marp. Can we ever really expect to be safe and private on the internet?

More & more, I don't think so. It seems like a cr&p shoot.

**********
"The truth is like a lion. You don't have to defend it. Let it loose. It will defend itself."
- Augustine

Be Vigilent

tansy · ‎01-02-2011

I'm thinking I should change up our passwords much more frequently:/

stilltamn8r · ‎03-14-2010

What I want to know is if this happened in2012, how come it is just affecting us now? Tech people can you explain? biancardi?

Tinkrbl44 · ‎08-23-2010

Yes, they want your encryption information with cards and bank accounts, but the REAL holy grail to hackers and virus makers are for the information and contacts on FACEBOOK ...... Can you imagine if a powerful virus ran through the computers of everyone who has a FB account ..... and every one of their contacts? ..... The number has to be in the billions!

BTW, if you haven't completely read Facebook's TERMS OF USE, do so immediately. You practically signed your life away!

I'm shocked at how many people never bothered to do so! ${#emotions_dlg.scared}$

Marp2 · ‎01-31-2012

I have not yet tried to track down how this bug was discovered, just know that it was Google researchers that found it on Monday. I don't think anyone knows when it was first exploited, just when it was able to be activated. The "Attacks leave no traces in server logs, so there's no way of knowing if the bug has been actively exploited."

THIS article and embedded links contain much more information than the original article cited in the OP.

Apparently the patch itself is not necessarily enough to protect secure site.

http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-t...

ETA: Direct quote in paragraph 1 is from the linked article.

Featured

Categories

Community Chat

IMPORTANT INFO: The Security Bug That Affects Most Of The Internet, Explained

Re: IMPORTANT INFO: The Security Bug That Affects Most Of The Internet, Explained

Re: IMPORTANT INFO: The Security Bug That Affects Most Of The Internet, Explained

Re: IMPORTANT INFO: The Security Bug That Affects Most Of The Internet, Explained

Re: IMPORTANT INFO: The Security Bug That Affects Most Of The Internet, Explained

Re: IMPORTANT INFO: The Security Bug That Affects Most Of The Internet, Explained

Contact Us

Stay in Touch

Manage Your Account

Get More with QCard®

Customer Service

Connect with Us

Learn About Us

Work with Us

Stay Connected

Download Our QVC Apps

This is Shopping Brought to Life.

Policies & Information

QVC International