An encryption method that is used by many websites to protect users' sensitive data, including passwords, bank accounts, and Social Security numbers, has been found to have a significant bug that makes this information vulnerable. Researchers are calling it "Heartbleed" because it attacks the heartbeat portion of the OpenSSL. When the memory on a running OpenSSL is exploited, hackers have potential access to usernames and passwords, trade secrets, and the private encryption keys that organizations use to communicate privately with their customers. On Tuesday, Tumblr and Lastpass were already warning users to change their usernames and passwords. "Companies need to get new encryption keys and users need to get new passwords immediately," said David Chartier, the chief executive at Codenomicon. "And do it quickly."
No comments:
Post a Comment