HackRead

Your email Password, Credit Card at Risk—Web Encryption Compromised by ‘Heart Bleed’ Bug

April 9th, 2014 | Pushpa Mishra | Security

The new bug allows attackers to obtain sensitive information protected by SSL/TLS encryption.

Security researchers have reported a new vulnerability in OpenSSL, the core cryptographic library. The flaw could easily allow attackers to gain access to information such as credit card numbers, usernames, passwords, and other sensitive data.

Google security researcher Neel Mehta and the security research firm Codenomicon discovered the flaw and reported that attackers can abuse it without leaving a trace.


The bug, called Heartbleed, is a serious vulnerability in the OpenSSL cryptographic software library that allows protected information to be stolen.

SSL is the encryption standard used by the majority of websites for secure data transmission, such as through email or IM chat. Occasionally, a computer checks that the other end of a secure connection is still there by sending a small packet of data called a heartbeat.

Following is the tweet sent by a security researcher:

Do not login to Yahoo! The OpenSSL bug #heartbleed allows extraction of usernames and plain passwords! pic.twitter.com/OuF3FM10GP

— Mark Loman (@markloman) April 8, 2014

The researchers discovered that a programming error in the OpenSSL implementation allows a well-disguised packet of data, similar to a heartbeat, to trick the computer at the other end into sending back data stored in its memory.

This flaw thus leaks memory contents from the server to the client and from the client to the server.
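A simplified model of the programming error described above, as an added example (not OpenSSL's code and not part of the original article): the heartbeat handler echoes as many bytes as the peer claims to have sent, and the fix is a length check before copying. The arena layout, function names and sample secret are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR 3   /* 1-byte type + 2-byte claimed payload length */
#define PAD 16  /* minimum padding that must follow the payload */

/* Constructed stand-in for process memory: a heartbeat record with a 4-byte
   payload, followed directly by unrelated secret data. Returns record length. */
size_t build_arena(uint8_t *arena, size_t arena_len, uint16_t claimed) {
    static const char secret[] = "password=hunter2";  /* constructed sample */
    size_t rec_len = HDR + 4 + PAD;
    memset(arena, 0, arena_len);
    arena[0] = 1;                                      /* heartbeat request */
    arena[1] = (uint8_t)(claimed >> 8);
    arena[2] = (uint8_t)(claimed & 0xff);
    memcpy(arena + HDR, "ping", 4);
    memcpy(arena + rec_len, secret, sizeof secret);
    return rec_len;
}

/* Before: echoes as many bytes as the peer claims; real record size ignored. */
size_t heartbeat_vulnerable(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    (void)rec_len;                       /* the bug: never compared to claimed */
    memcpy(out, rec + HDR, claimed);
    return claimed;
}

/* After: silently discard unless header + claimed payload + padding fit. */
size_t heartbeat_checked(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    size_t claimed;
    if (rec_len < HDR + PAD) return 0;
    claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HDR + claimed + PAD > rec_len) return 0;
    memcpy(out, rec + HDR, claimed);
    return claimed;
}

int main(void) {
    uint8_t arena[128], out[128] = {0};
    size_t rec_len = build_arena(arena, sizeof arena, 40); /* claims 40, sent 4 */
    size_t n = heartbeat_vulnerable(arena, rec_len, out);
    printf("vulnerable: %zu bytes echoed, leaked: %.16s\n", n, (char *)out + 20);
    printf("checked:    %zu bytes echoed\n", heartbeat_checked(arena, rec_len, out));
    build_arena(arena, sizeof arena, 4);                   /* honest request */
    printf("honest:     %zu bytes echoed\n", heartbeat_checked(arena, rec_len, out));
    return 0;
}
```

The checked handler returns nothing for the oversized claim and still answers the honest request, which is why patched peers keep working with well-behaved clients.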

“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software,” said the Heartbleed website.

The leaked materials include primary key materials such as encryption keys; secondary key materials like user names and passwords; protected content such as personal or financial details, private communication, instant messages, documents or anything worth protecting by encryption; and collateral such as memory addresses and canaries used for protection against overflow attacks.

The bug was introduced in OpenSSL in December 2011 and has been out in the open since the release of OpenSSL 1.0.1 on 14 March 2012.

“As long as the vulnerable version of OpenSSL is in use it can be abused,” says the website.

According to the website, OpenSSL 1.0.1g, released on 7 April 2014, fixes the bug.

“Operating system vendors and distribution, appliance vendors, independent software vendors have to adopt the fix and notify their users. Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use.”

The researchers who discovered the vulnerability acted responsibly by informing the developers behind OpenSSL before making it public, thus allowing them to fix the bug.

Pushpa Mishra

Pushpa is a Dubai based scientific academic editor who worked for Reuters' Zawya business magazine and at the same time a passionate writer for HackRead. From the very first day she has been a blessing for team Hackread. Thanks to her dedication and enthusiasm.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
