A SE­CU­RITY CRI­SIS TWO YEARS IN THE MAK­ING

Qatar Today - - DEVELOPMENT > TECH TALK -

The Heart­bleed bug, which was made pub­lic in early April, has alerted in­ter­net users to the pos­si­bil­ity that their se­cure trans­ac­tions might not have been that se­cure after all.

Dis­cov­ered by a pro­gram­mer at Google, this bug has ap­par­ently been present in the OpenSSL pro­to­col for about two years now. Lu­cas Zaichkowsky, En­ter­prise De­fense Ar­chi­tect at Ac­cessData, said, “Es­sen­tially the SSL en­cryp­tion makes net­work and in­ter­net traf­fic un­read­able to any­one who in­ter­cepts it, thereby pro­tect­ing the sen­si­tive data and per­sonal in­for­ma­tion be­ing trans­mit­ted. The gist of the vul­ner­a­bil­ity is that at­tack­ers who ex­ploit it are able to steal the en­cryp­tion keys from in­ter­net servers and desk­top soft­ware us­ing OpenSSL and use those keys to de­crypt the data. Even if the soft­ware is patched, pre­vi­ously cap­tured en­crypted com­mu­ni­ca­tions can be still de­crypted us­ing the com­pro­mised keys.” It could po­ten­tially al­low hack­ers to steal pass­words, credit card data or even So­cial Se­cu­rity num­bers from two-thirds of web­sites that use this kind of en­cryp­tion. Gov­ern­ments and several com­pa­nies like Google and Face­book ad­vised users im­me­di­ately to change their pass­words; how­ever the first of the cy­ber­crimes re­lated to Heart­bleed are start­ing to come through with the Canada Rev­enue Agency re­port­ing the theft of So­cial In­surance Num­bers be­long­ing to 900 tax­pay­ers. The man who hacked into the site over a six-hour pe­riod was promptly ar­rested.

Newspapers in English

Newspapers from Qatar

© PressReader. All rights reserved.