[QODLink]
Americas

Governments warn of Heartbleed bug threat

Banks and other businesses urged to be on alert for hackers seeking to steal data.

Last updated: 12 Apr 2014 11:47
Email Article
Print Article
Share article
Send Feedback
The Canadian government shut down federal websites as a precaution against possible security breaches

The US government has warned banks and other businesses to be on alert for hackers seeking to steal data exposed by the "Heartbleed" bug, as a German programmer took responsibility for the widespread security crisis.

On a website for advising critical infrastructure operators about emerging cyber threats, the Department of Homeland Security asked organisations to report any Heartbleed-related attacks, adding that hackers were attempting to exploit the bug in widely used OpenSSL code by scanning targeted networks.

The German government also called the bug "critical" and the Canadian government has shut down federal websites as a precaution.

Federal regulators also advised financial institutions to patch and test their systems to make sure they are safe. 

OpenSSL is technology used to encrypt communications, including access to email, as well as websites of big Internet companies like Facebook Inc, Google Inc  and Yahoo Inc.

The bug, which surfaced on Monday, allows hackers to steal data without a trace. No organisation has identified itself as a victim, yet security firms say they have seen well-known hacking groups scanning the web in search of vulnerable networks.

The vulnerability went undetected for several years, so experts worry that hackers have likely stolen some keys, leaving data vulnerable to spying.

Technology analyst Carmi Levy told Al Jazeera that the bug was a "watershed moment in Internet security", adding that the flaw would force everyone to take security online much more seriously.
NSA controversy

Attention has turned to US intelligence agencies, such as the NSA, and what they knew about the flaw. The White House denied that any part of the government was aware of "Heartbleed", dismissing reports that the NSA exploited the glitch to collect intelligence.

The White House and the spy agency released statements after news outlet Bloomberg reported that the NSA was aware of the bug for at least two years and exploited it in order to obtain passwords and other information used in hacking operations.

The report cited two unnamed sources it said were familiar with the matter.

"Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong," White House National Security Council spokeswoman Caitlin Hayden said in a statement.

OpenSSL is an open source project, which means that it is supported by developers worldwide who volunteer to update and secure its code.

Robin Seggelmann, a German programmer who volunteers as a developer on the OpenSSL team, said on Friday that he had written the faulty code responsible for the vulnerability while working on a research project at the University of Munster.

"OpenSSL in particular still lacks the support it needs, despite being extremely widely available and used by millions. Although there are plenty of users, there are very few actively involved in the project," Seggelmann said in a post on a Deutsche Telekom website.

462

Source:
Al Jazeera And Reuters
Email Article
Print Article
Share article
Send Feedback
Topics in this article
People
Country
City
Organisation
Featured on Al Jazeera
As Western stars re-release 1980s charity hit, many Africans say it's a demeaning relic that can do more harm than good.
At least 25 tax collectors have been killed since 2012 in Mogadishu, a city awash in weapons and abject poverty.
Tokyo government claims its homeless population has hit a record low, but analysts - and the homeless - beg to differ.
3D printers can cheaply construct homes and could soon be deployed to help victims of catastrophe rebuild their lives.
Featured
Pro-Russia leaders' election in Ukraine's east shows bloody conflict is far from a peaceful resolution.
Critics challenge Canberra's move to refuse visas for West Africans in Ebola-besieged countries.
A key issue for Hispanics is the estimated 11.3 million immigrants in the US without papers who face deportation.
In 1970, only two mosques existed in the country, but now more than 200 offer sanctuary to Japan's Muslims.
Hundreds of the country's reporters eke out a living by finding news - then burying it for a price.