“Heartbleed” bug uncovering cyber-criminals

The Heartbleed bug has turned cyber criminals from attackers into victims as researchers use it to grab material from chatrooms where they trade data.

Discovered in early April, Heartbleed lets attackers steal data from computers using vulnerable versions of some widely used security programs.


Now it has given anti-malware researchers access to forums that would otherwise be very hard to penetrate.

The news comes as others warn that the bug will be a threat for many years.

French anti-malware researcher Steven K told the BBC: “The potential of this vulnerability affecting black-hat services (where hackers use their skills for criminal ends) is just enormous.”

Heartbleed had put many such forums in a “critical” position, he said, leaving them vulnerable to attack using tools that exploit the bug.

Source: BBcNews


Heartbleed bug security alert

There’s nothing users can do until the web services have made their sites secure. The best advice for web users to wait for few days and then change the passwords on the web services you use.

For websites, the fix-it involves installing software patches on computers in their data-centres, then swapping out the confidential software key used to secure messages and transactions.

Users will largely need to depend on individual sites to notify them about whether the flaw has been addressed. Many major web services, like Yahoo, have already released such notices.

It’s a good time to review your passwords in general and any kind of formula that can help you to be protected from these types of bugs.

The Heartbleed scare, even if it doesn’t turn out to hurt many consumers, is a reminder of the importance of password hygiene. Changing passwords occasionally is a good idea, as is using a different password for each site. To vary passwords, Seiden suggests choosing a formula that is a variation on a theme. Pick out a core password of a mixture of six letters and numbers that are not a word.

What’s the Heartbleed Bug?

The major flaw can essentially allow attackers to gain access to highly sensitive information, including credit card numbers, usernames, passwords, and other sensitive data.

The vulnerability allows attackers to steal the information that is normally protected by SSL/TLS encryption, which is used to protect Web applications, e-mail communications, instant messaging and some virtual private networks.

Read More: http://economictimes.indiatimes.com