The Buffalo News on Internet security issues after discovery of the “Heartbleed” vulnerability:
The latest worry about security and privacy on the Internet revolves around a damaging bug called Heartbleed.
Heartbleed is a threat that exploits a flaw in the encryption technology that is supposed to protect our email, instant messaging and electronic commerce. For years we’ve been reassured that if we see a closed padlock and “https” in the browser address line, then information sent over that connection is secure from hackers. Now it turns out that is not true.
The security flaw has the potential to wreak havoc on untold numbers of people in the most subtle and not so subtle ways, as it went undetected for more than two years. The bug creates an opening in the encryption technology known as SSL/TLS. The problem affects only the variant of SSL/TLS known as OpenSSL, which happens to be one of the most common on the Internet.
Experts have recommended people change their passwords, but have been unable to agree on when they should do so. Some have said right away, while others cautioned patience until affected websites patch the flaw. For the truly cautious, change passwords right away, then again after websites are patched.
But it turns out there’s more to worry about than major Internet companies like Yahoo and Amazon. Now, security experts are saying the potential for damage could extend to the inner workings of the Internet and the plethora of devices that connect to it.
That could include home routers and printers that have OpenSSL built into their hardware.
Major retailers were the targets of hackers during the last Christmas shopping season, and personal information on tens of millions of customers was stolen. Defense Secretary Chuck Hagel says China is ramping up its cyberespionage against the United States. A Senate report in February said government agencies are ill-prepared to guard networks against even average-level hackers. Now we have the Heartbleed revelations.
The Internet revolutionized the way we conduct our lives, which is why it is so important that it be made safe and secure.