Notes

Online Confusion Created by Heartbleed Bug

Online confusion caused by the Heartbleed bug Mark Ward Technology correspondent, BBC News



Computers susceptible to the Heartbleed virus are being targeted online, say security experts.



However, it's not yet clear if the scanning processes are harmless or are the work of cyber-thieves keen to steal data, they say.



This news comes as security professionals and developers advised people change their passwords.



But Google said that logins for its services did not need to be reset unless they were used on other sites.



This contradicts advice from Yahoo's blogging platform Tumblr and the creators of If This Then That, who advised users to change their passwords "everywhere".



This contradictory guidance is complicated by the fact that experts state that updating a password is not necessary unless the site has patched its server , however, it's not always obvious.



Attack pattern



News about the Heartbleed vulnerability was announced on 8 April and has triggered an explosion of activity as web companies look to determine if their systems are infected.



The bug emerged in software that should have kept data passing between sites and users from scrutiny. The bug allowed attackers to use specially designed queries to steal data slowly from servers.



Ars Technica reported on the evidence that sites had discovered evidence of bot networks searching them for Heartbleed vulnerability well before the vulnerability was revealed.



Security researchers are also receiving information about scans of servers that are vulnerable. One scan proved to pose no threat as the person behind it told the gaming company who operated the computers that they were leaked data.



Ken Munro, an analyst with security company Pen Test Partners, stated that it's difficult to spot an attack without actively searching for it. He added that many intrusion detection systems have signatures that can spot subtle signs that an attack such as Heartbleed is underway.



Additionally, organizations operating "honeypots" which attempt to trick hackers into attacking bogus web servers have code written that generates bogus server data in response to Heartbleed requests.



According to Netcraft statistics, approximately 500,000 servers are at risk of the Heartbleed virus.



Many of the major sites that had vulnerable servers have now patched their systems and many others are following suit. However, a lot of sites are still vulnerable. Websites have sprung up that allow users to check whether a website they are using is insecure.



Different companies have offered web users conflicting advice about changing their passwords. Google stated that users do not need to update their credentials; Facebook advised users to make a change; and others such as the web service If This Then That, said users should change their passwords on a regular basis.



James Lyne from Sophos' global head of research advised that users first verify that the site they are using is vulnerable to the bug. Evina He said that changing passwords on unsecure websites could expose users to data theft.



He also stated that the rush to change passwords could encourage organizations that phish to send fake messages to users urging them to reset their passwords.



"This isn't the first error of its kind, and it isn't likely to be the last, but it's one of the more serious faults we've seen in recent internet history," said Mr Lyne.



Heartbleed: Do You Really Need to Worry?



10 April 2014



Tech firms urge reset of passwords



9 April 2014



Huge security bug fixed with a scramble



Hackers thwarted by nettimekeepers



20 March 2014



LastPass



LastPass - LastPass Heartbleed checker


Read More: https://evina.si/