The Heartbleed bug makes it possible for hackers to retrieve code from websites and other online services that would give them access to other information, including user data and passwords. The bug affects services that use the widely popular OpenSSL security library.
OpenSSL is the technology that secures websites that use HTTPS encryption to keep data protected. Users might recognize this from the URL of many of the websites that they use on a regular basis.
"The little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit," Tumblr said.
In a complaint filed on Monday in Chicago federal court, Trustmark National Bank and Green Bank NA accused the defendants of failing to properly secure customer data, enabling the theft of about 40 million payment card records plus 70 million other records, including addresses and phone numbers.
The banks said they lost money from alerting customers to the breach, reimbursing fraudulent charges and reissuing cards. These losses could increase, they said, if criminals ultimately use several million stolen cards as some analysts project.
In each of the Pwn2Own and Pwnium competitions, contestants are challenged to exploit vulnerabilities in supposedly secure software to execute malicious code – and walk away with cash if their attacks are successfully demonstrated on stage. The techniques used to own a program are privately disclosed so that the bugs can hopefully be fixed.
HP TippingPoint's Pwn2Own competition netted researchers $850,000 as all the major browsers – Chrome, Safari, Internet Explorer and Firefox – fell to attacks within the 30-minute timeframe for each, along with Flash. Only Java held up to the time-limited attacks, although researchers attempting to crack Oracle's code did come up with some interesting techniques that just took too long.
- Internet users advised to change passwords due to 'Heartbleed' bug
- Target, security auditor Trustwave are sued over data breach
- Is no browser safe? Security bods poke holes in Chrome, Safari, IE, Firefox and earn $1m
- Email Attack on Vendor Set Up Breach at Target
- With data vulnerable, retailers look for tougher security
- Target Struck in the Cat-and-Mouse Game of Credit Theft
- Technology firms seek government surveillance reform
- Rise of the Machines: Internet-Connected Devices
- Mystery traffic redirection attack pulls net traffic through Belarus, Iceland
- Silicon Valley Nerds Seek Revenge on NSA Spies With Coding