#357 April 14, 2014 – The Web suffers a heart attack

Download the mp3 version of this post, or subscribe through the iTunes Store.

This week’s headline story: The Web suffers a heart attack

heartbleedA newly discovered security bug nicknamed Heartbleed has exposed millions of usernames, passwords and credit card numbers — a major problem that hackers could have exploited during the more than two years it went undetected. The bug was found in a type of software called OpenSSL, which is used on servers to encrypt sensitive information to protect people’s privacy. At least 500,000 servers were reportedly vulnerable.

It’s unclear exactly how much Heartbleed has been exploited, and what data has been stolen. But tests have shown that the security hole can be exploited to steal a server’s encryption keys, and then use those keys to impersonate servers or to decrypt communications.

Security experts are advising users to change their passwords on services where the security hole has been patched, warning that changing passwords on unpatched systems will only serve to make new passwords vulnerable to hackers. A list of which sites have been patched is available in the show notes.

 

and elsewhere in Tech News.

and in Information Security news this week..

  • Google Expands Virus Scans to All Apps, Not Just Play Store [NewsFactor]

    Reacting to increasing malicious apps targeting android devices, Google is expanding its Verify Apps service beyond the app store to periodically scan already installed applications on devices.

  • States Probe Massive Data Breach at Experian [NewsFactor]

    In what could be one of the biggest data breaches in history, the federal government and authorities in several states are investigating the criminal sale of Social Security numbers, bank account data and other personal information for up to 200 million U.S. citizens stolen from Experian subsidiary Court Ventures.

  • Making Retailers Liable for Damages from Hacking [NewsFactor]

    Motivated by the huge Target department store data breach, California lawmakers say retailers should be held liable for such hacks. One bill would shift the responsibility for any data breach from the banks and credit card issuers to the retail businesses where the breach occurred. The measure may create the year’s biggest business dispute.

and in Tech Industry news…

  • Twitter Applies a New Coat of Face(book) Paint [Ecommerce Times]

    Twitter is enriching its user profile features with larger profile photos, customizable headers, and an enlarged presentation of popular tweets. The new look is decidedly Facebookish. The intent is to give users more reasons to stay logged in and fewer reasons to use the competition.

and finally…

Sponsored by:

Cengage Learning Logo

© 2012 Cengage Learning, Inc. All rights reserved.

Republication, reproduction or redistribution of Cengage Learning, Inc. (“Cengage Learning”) content, including by framing or similar means, is prohibited without the prior written consent of Cengage Learning. To request permission to photocopy, duplicate, republish or otherwise reuse Cengage Learning material, or for efiles for students with disabilities, go to www.cengage.com/permissions.

Leave a Reply

Your email address will not be published. Required fields are marked *