House Price Crash Forum

interestrateripoff

Heartbleed Flaw Described As 'catastrophic' By Experts: 'on The Scale Of 1 To 10, This Is An 11'

http://www.independent.co.uk/life-style/gadgets-and-tech/heartbleed-bug-undermines-the-safety-of-nearly-two-thirds-of-the-web-9247918.html

A software bug that has gone unnoticed for two years has exposed sensitive data in as many as two out of every three web servers, say researchers.

The ‘heartbleed’ bug is a flaw in the widely-used web encryption software known as OpenSSL. Google, Facebook and Yahoo are some of the major companies that use SSL technology – most recognisable to users as the padlock that appears in the address bar of your browser.

Bruce Schneier, a security expert who has been covering the industry for years, described the flaw as 'catastrophic': "On the scale of 1 to 10, this is an 11," wrote Schneier in a blog post.

Since the flaw was discovered by researchers from Google and Finnish security group Codenomicon, webmasters have scrambled to update their software and protect users’ data, although some researchers warn that it is already too late.

The bug allowed attackers to pull random chunks of information from the memory of a server, meaning that everything from passwords and usernames to credit card numbers and home addresses could have been taken. As many as half a million websites are thought to have been affected.

So is HPC a risk, have all our passwords been compromised?


Why ONLY one other thread about this subject?

Mods, please question why a supposedly global threat to identity / security / privacy / the open source movement is of so little interest to HPC / BBC / ITV / Channel 4 / Jeremy Vine / etc merge.

Fixed


HPC doesn't even use ssl. Our passwords are useless. Anybody can read them in clear.

Are you a "packet sniffer"? I think we may have a few here! :blink:;)


The significance of this, IMHO, is that it is the first major instance of a serious IT issue affecting consumers that the consumer can do nothing to prevent, because the vulnerability does not lie in their computer, but rather in the one at the other end of the line. So you can take all the precautions and use all the anti-malware software you like, but if the data needed to take money from your account is leaked by the computer of the retailer you're buying stuff from, it really doesn't matter.

Card issuers, banks and the law are going to have to come up with a coherent regulatory approach to deal with this problem. That approach is going to have to say that in essence, unless a financial institution can prove beyond reasonable doubt that the account holder divulged their security details negligently, they have to refund. The end result will probably be greater regulation of online retailing sites to ensure that their security is up to snuff.

