Wednesday, April 9, 2014

Here, Take My Information

News recently broke of a serious internet security threat known as the Heartbleed bug. This bug can expose private information from a wide variety of websites by bypassing an internet security system known as OpenSSL; this can include your passwords, credit card or bank information, social security number, virtually anything you can think of. On top of this, the bug leaves absolutely no trace and it is actually quite simple for the average hacker to figure out. This could be considered the most serious security vulnerability of all time. Nearly 18% of websites are affected by this bug right now. That equates to over half a million trusted websites. Fortunately this website is considered safe at the moment, most likely because it is owned by Google.
Heartbleed
Now this bug isn't anything new; it has been around since December 2011, but didn't start affecting security until the release of OpenSSL 1.0.1 in March 2012. So the 18% of the internet affected now would certainly have been a lot larger one year ago. Fortunately the latest update of OpenSSL fixes the bug, strangely over 2 years since its release. However, the official website releasing information about this bug states that:

You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company's site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL. Many of online services use TLS to both to identify themselves to you and to protect your privacy and transactions. You might have networked appliances with logins secured by this buggy implementation of the TLS. Furthermore you might have client side software on your computer that could expose the data from your computer if you connect to compromised services.


So it's very possible that these vulnerabilities granted someone access to your personal computer files; even if they can't access your bank account from the vulnerable sites, they may be able to access it elsewhere from within your computer's memory. The Canadian Revenue Agency even shut down their online tax filing while this issue is going on, clearly looking out for their citizens, something that America has yet to do.

Some of the websites that are not experiencing these vulnerabilities include Google and Facebook. Both of these sites are considered "First Tier" by the potential internet tier system. It's certainly possible that this event will be looked at as a sign that the government needs to intervene in internet freedom. This is something they've been trying to attack for a few years with SOPA, CISPA and even the NSA. This is clearly speculation but it's certainly a possibility that the government was hoping for something like this to happen. The SOPA bill was introduced in October 2011, only two months before the bug was introduced to the internet.

Now the media has been talking about this briefly, but this should certainly be the most important story, considering all internet users are at serious risk. ABC News simply had a small link to the story in their "Money" section, showing people how to protect themselves. Protecting oneself right now isn't the issue; the issue is that this bug has been around for over two years.

http://www.cnet.com/news/heartbleed-bug-undoes-web-encryption-reveals-user-passwords/
http://heartbleed.com/
http://news.netcraft.com/archives/2014/04/08/half-a-million-widely-trusted-websites-vulnerable-to-heartbleed-bug.html

http://www.edmontonjournal.com/business/shuts+down+electronic+filing+protect+security+taxpayer/9718322/story.html
