A SECURITY CRISIS TWO YEARS IN THE MAKING
The Heartbleed bug, which was made public in early April, has alerted internet users to the possibility that their secure transactions might not have been that secure after all.
Discovered by a programmer at Google, this bug has apparently been present in the OpenSSL library for about two years now. Lucas Zaichkowsky, Enterprise Defense Architect at AccessData, said, “Essentially the SSL encryption makes network and internet traffic unreadable to anyone who intercepts it, thereby protecting the sensitive data and personal information being transmitted. The gist of the vulnerability is that attackers who exploit it are able to steal the encryption keys from internet servers and desktop software using OpenSSL and use those keys to decrypt the data. Even if the software is patched, previously captured encrypted communications can still be decrypted using the compromised keys.”
The bug could potentially allow hackers to steal passwords, credit card data or even Social Security numbers from two-thirds of websites that use this kind of encryption. Governments and several companies like Google and Facebook immediately advised users to change their passwords; however, the first of the cybercrimes related to Heartbleed are starting to come through, with the Canada Revenue Agency reporting the theft of Social Insurance Numbers belonging to 900 taxpayers. The man who hacked into the site over a six-hour period was promptly arrested.