Stay in Touch
Get sneak previews of special offers & upcoming events delivered to your inbox.
Sign in
04-08-2014 06:02 PM
You trust your banking or Web mail sites to protect your communications when you see the little lock icon in your Web browser. This is why you're OK with typing passwords into Hotmail or your credit card numbers into Amazon.
A popular piece of software called OpenSSL is used by Internet companies to provide this kind of security. On March 14, 2012, someone introduced a bug that would allow an attacker to get the "crown jewels," the encryption keys used to protect your communications directly from the companies themselves.
With those keys, an attacker could eavesdrop on your communications with that company and/or impersonate that company, making it possible for them to harvest things like credit card numbers or passwords with relative ease.
This isn't just a theoretical attack. Security researchers and passwords on local networks this morning. As of 2 p.m. ET Tuesday, Yahoo!'s servers were still vulnerable, . But by 3 p.m. ET, Yahoo told CNET it fixed the primary vulnerability on its main sites. Yahoo said:
MORE: http://www.npr.org/blogs/alltechconsidered/2014/04/08/300602785/the-security-bug-that-affects-most-o...
04-08-2014 07:05 PM
Very troubling stuff, Marp. Can we ever really expect to be safe and private on the internet?
More & more, I don't think so. It seems like a cr&p shoot.
04-08-2014 07:39 PM
04-09-2014 12:22 PM
What I want to know is if this happened in2012, how come it is just affecting us now? Tech people can you explain? biancardi?
04-09-2014 12:35 PM
Yes, they want your encryption information with cards and bank accounts, but the REAL holy grail to hackers and virus makers are for the information and contacts on FACEBOOK ...... Can you imagine if a powerful virus ran through the computers of everyone who has a FB account ..... and every one of their contacts? ..... The number has to be in the billions!
BTW, if you haven't completely read Facebook's TERMS OF USE, do so immediately. You practically signed your life away!
I'm shocked at how many people never bothered to do so!
04-09-2014 12:46 PM
I have not yet tried to track down how this bug was discovered, just know that it was Google researchers that found it on Monday. I don't think anyone knows when it was first exploited, just when it was able to be activated. The "Attacks leave no traces in server logs, so there's no way of knowing if the bug has been actively exploited."
THIS article and embedded links contain much more information than the original article cited in the OP.
Apparently the patch itself is not necessarily enough to protect secure site.
ETA: Direct quote in paragraph 1 is from the linked article.
Get sneak previews of special offers & upcoming events delivered to your inbox.
*You're signing up to receive QVC promotional email.
Find recent orders, do a return or exchange, create a Wish List & more.
Privacy StatementGeneral Terms of Use
QVC is not responsible for the availability, content, security, policies, or practices of the above referenced third-party linked sites nor liable for statements, claims, opinions, or representations contained therein. QVC's Privacy Statement does not apply to these third-party web sites.
© 1995-2024 QVC, Inc. All rights reserved. | QVC, Q and the Q logo are registered service marks of ER Marks, Inc. 888-345-5788