Connecting to LinkedIn...

W1siziisijiwmtuvmdqvmtuvmdgvntqvmzgvnzi1l01ptlrbu0hfqkxpr19vtljftkrfukvex0lnqudfx3jlc2l6zwrfyw5kx3jlbmrlcmvklmpwzyjdlfsiccisinrodw1iiiwimtkymhgxmjuwiyjdxq

Blog

The Biggest Security Breach in the History of the Internet May Have Hacked All Your Information

10/04/2014 by

W1siziisijiwmtqvmtavmjgvmtuvnduvmtyvnja5l2zpbguixsxbinailcj0ahvtyiisijywmhg0mdbcdtawm2uixv0


Security researchers have identified a very, very serious security hole in one of the fundamental technologies protecting personal data all across the Internet. OpenSSL, the cryptographic software library that an estimated two-thirds of web servers worldwide use to connect with end users and guard against digital eavesdropping, has been vulnerable to hackers for as long as two years. It may be the biggest security breach in the history of the Internet.

In a blog post published Monday, the OpenSSL researchers dubbed the critical flaw “Heartbleed,” admitted that the glitch allows for easy, untraceable breaches of secure systems, and announced the release of an immediate fix. Originally discovered by Google researcher Neel Mehta, what went wrong with OpenSSL is now a massive problem with the potential to affect the majority of secure servers on the Internet controlling everything from banking to retail to email. Here’s how the OpenSSL team described the bug:

Bugs in single software or library come and go and are fixed by new versions. However this bug has left a large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitations and attacks leaving no trace this exposure should be taken seriously.

What’s at risk? It’s not theoretical. The research team provided evidence that with awareness of the bug, they were able to breach Yahoo security and steal email logins and passwords without leaving a trace. They wrote:

We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.

Anyone who noticed and exploited the bug since it was introduced on March 14, 2012 could have easy access to an incomprehensible number of secure systems. And as TechCrunchnotes, even encrypted data illegally stolen from servers could eventually be forced open either with more stolen data or other methods, depending on server configuration. Redditors with awareness of the bug claim to have been able to identify vulnerabilities in sites ranging from Yahoo mail to their banks.

This article has been extracted from http://www.policymic.com, please click on this link to read the article in full http://www.policymic.com/articles/87209/the-biggest-security-breach-in-the-history-of-the-internet-may-have-hacked-all-your-information

Montash is a multi-award winning, global IT recruitment firm. Specialising in permanent and contract positions across mid-senior appointments which cover a wide range of industry sectors and IT functions, including:

ERP, BI & Data, Information Security, IT Architecture & Strategy, Scientific Technologies, Demand IT and Business Engagement, Digital and E-commerce, Infrastructure and Service Delivery, Project and Programme Delivery.

With offices based in London, Montash has completed assignments in over 30 countries and has appointed technical professionals from board level to senior and mid-management in permanent and contract roles.

For more information please visit www.montash.com

comments powered by Disqus

Social Stream

Latest News

W1siziisijiwmtcvmdqvmjqvmtqvmzqvmzuvnjg3l3nodxr0zxjzdg9ja182mdq2otc5nziuanbnil0swyjwiiwidgh1bwiilcizodb4mtawiyjdxq

What Does A Snap Election Mean For Recruitment?

2017-04-25 08:00:00 +0100

On Tuesday 18th April, Prime Minister Theresa May called a snap general election for 8th June, taking the nation by surprise. Rather than waiting until 2020, voters will now be casting their ballots in a matter of weeks. The hope for the government is that a Tory victory give the prime minister a strong mandate in parliament as Brexit negotiations begin. This sudden decision has been embraced by many in the recruitment industry due to the anticipated st...

W1siziisijiwmtcvmdqvmtkvmtuvndivntgvnjcyl3nodxr0zxjzdg9ja18xmja3mdi1ndcuanbnil0swyjwiiwidgh1bwiilcizodb4mtawiyjdxq

Evolve or Die: The Importance of Being Agile

2017-04-19 18:00:00 +0100

In the high-speed world of IT, agility is essential if you want to stay on top. Over the last 20 years, Montash Managing Director Roy Dungworth has experienced many changes in the industry. But two things never change - the need for business agility and the importance of people. Roy shares his insights after two decades in the industry. The pace of the IT industry increases every year. The way people buy or consume information today is having an enormou...