Connecting to LinkedIn...

W1siziisijiwmtuvmdqvmtuvmdgvntqvmzgvnzi1l01ptlrbu0hfqkxpr19vtljftkrfukvex0lnqudfx3jlc2l6zwrfyw5kx3jlbmrlcmvklmpwzyjdlfsiccisinrodw1iiiwimtkymhgxmjuwiyjdxq

Blog

The Biggest Security Breach in the History of the Internet May Have Hacked All Your Information

10/04/2014 by

W1siziisijiwmtqvmtavmjgvmtuvnduvmtyvnja5l2zpbguixsxbinailcj0ahvtyiisijywmhg0mdbcdtawm2uixv0


Security researchers have identified a very, very serious security hole in one of the fundamental technologies protecting personal data all across the Internet. OpenSSL, the cryptographic software library that an estimated two-thirds of web servers worldwide use to connect with end users and guard against digital eavesdropping, has been vulnerable to hackers for as long as two years. It may be the biggest security breach in the history of the Internet.

In a blog post published Monday, the OpenSSL researchers dubbed the critical flaw “Heartbleed,” admitted that the glitch allows for easy, untraceable breaches of secure systems, and announced the release of an immediate fix. Originally discovered by Google researcher Neel Mehta, what went wrong with OpenSSL is now a massive problem with the potential to affect the majority of secure servers on the Internet controlling everything from banking to retail to email. Here’s how the OpenSSL team described the bug:

Bugs in single software or library come and go and are fixed by new versions. However this bug has left a large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitations and attacks leaving no trace this exposure should be taken seriously.

What’s at risk? It’s not theoretical. The research team provided evidence that with awareness of the bug, they were able to breach Yahoo security and steal email logins and passwords without leaving a trace. They wrote:

We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.

Anyone who noticed and exploited the bug since it was introduced on March 14, 2012 could have easy access to an incomprehensible number of secure systems. And as TechCrunchnotes, even encrypted data illegally stolen from servers could eventually be forced open either with more stolen data or other methods, depending on server configuration. Redditors with awareness of the bug claim to have been able to identify vulnerabilities in sites ranging from Yahoo mail to their banks.

This article has been extracted from http://www.policymic.com, please click on this link to read the article in full http://www.policymic.com/articles/87209/the-biggest-security-breach-in-the-history-of-the-internet-may-have-hacked-all-your-information

Montash is a multi-award winning, global IT recruitment firm. Specialising in permanent and contract positions across mid-senior appointments which cover a wide range of industry sectors and IT functions, including:

ERP, BI & Data, Information Security, IT Architecture & Strategy, Scientific Technologies, Demand IT and Business Engagement, Digital and E-commerce, Infrastructure and Service Delivery, Project and Programme Delivery.

With offices based in London, Montash has completed assignments in over 30 countries and has appointed technical professionals from board level to senior and mid-management in permanent and contract roles.

For more information please visit www.montash.com

comments powered by Disqus

Social Stream

Latest News

W1siziisijiwmtcvmdevmtgvmdkvmtqvmzmvmzk5l0vsuc5qcgcixsxbinailcj0ahvtyiisijm4mhgxmdajil1d

Sage bolsters X3 business ERP solution

2017-01-18 09:00:00 +0000

Sage, one of the global leaders in enterprise resource planning (ERP) solutions, has revealed that it has signed up a trio of new clients to its X3 business solution. With the Salesforce.com partner wanting to be able to show its ability to host larger clients, the firm revealed that BrightBridge, Atlas Cloud and CLOUT are all now utilising the new and emerging X3 ERP platform. Sage Vice President of UK Enterprise David Watts talked about the latest agr...

W1siziisijiwmtcvmdevmtcvmtavmzcvmzevmjq2l0nsb3vkighlywx0agnhcmuuanbnil0swyjwiiwidgh1bwiilcizodb4mtawiyjdxq

Cloud computing making its mark in healthcare

2017-01-17 10:00:00 +0000

The cloud computing sector has grown quickly, and businesses in various sectors have been quick to take advantage of its many benefits to improve services. One such market is the healthcare industry, which has been able to improve diagnosing and enhance treatment methodologies as a result of new technologies over the past decade. Cloud technology is helping one area in particular – the healthcare of people living in remote locations who would not ordina...