Dangerous Internet Systems Threaten Pocketbooks Around the World

posted by Shopping4Bargains @ 9:00 AM
April 15, 2014

Jael asked me to report on the heartbleed hackers story while she checks with Taryn at I.E. Plexus, our on-line computer specialist, for recommendations on computer techies who can report on stories about computers and thefts for our site.

So I will try!  I’m not a computer person per se.  I watch stars, planets and man’s invasions up there, but nowadays so much of that is connected to computers.    But it’s not in the heavens, but on earth that men steal passwords and IDs.

HeartBleed-hit-list        In ‘The Heartbleed Hit List: The Passwords You Need to Change Right Now,’ mashable.com defines this bug as “an encryption flaw already being called one of the biggest security threats the Internet has ever seen.”  It lists social networks as particularly vulnerable, including:

“Facebook, Instagram, Pinterest, Tumblr, Google, Yahoo, Gmail, Yahoo Mail, Amazon Web Services for website operators, Etsy, Go Daddy, Flickr, Minecraft, Netflix, SoundCloud, and YouTube, USAA, Box, Dropbox, GitHub, IFTTT, OKCubpid, Wikipedia, WordPress, and Wunderlist.  Most of these companies claim to have applied security measures for greater protection.

In ‘Heartbleed Bug Health Report,  zmap.io lists a 1,000 popular web domains and mail services that, as of April 13, were still subject to vulnerability.  That site discusses the bug as “. . . a vulnerability in the OpenSSL cryptographic library that allows attackers to invisibly read sensitive data from a web server. This potentially includes cryptographic keys, usernames, and passwords.”

Reuters explains that the officials are particularly concerned about this bug:  “The U.S. government warned banks and other businesses on Friday to be on alert for hackers seeking to steal data exposed by the “Heartbleed” bug, as a German programmer took responsibility for the widespread security crisis. . . The bug allows hackers to steal data without a trace.

“Companies including Cisco Systems Inc, International Business Machines Corp, Intel Corp, Juniper Networks Inc, Oracle Corp Red Hat Inc have warned customers they may be at risk.”  That news service also quotes Kaspersky Lab researcher Kurt Baumgartner: “I have seen multiple networks with large user bases still unpatched today. The problem is a difficult one to solve.”  It also writes:

“OpenSSL software helps encrypt traffic with digital certificates and “keys” that keep information secure while it Internet-fruad-theftis in transit over the Internet and corporate networks. The vulnerability went undetected for several years, so experts worry that hackers have likely stolen some certificates and keys, leaving data vulnerable to spying. . . . the Federal Financial Institutions Examination Council regulatory group suggested that banks consider replacing those certificates and keys.”

Apparently, this problem started when a German programmer named Robin Seggelmann volunteered as a developer on the OpenSSL team.  He admitted in a recent blog post tat he wrote the faulty code responsible for the bug.  OpenSSL is a project supported by volunteer developers around the world.

These are expensive risks for volunteer work. It is unbelievable that computer companies have people reading, writing and endangering hard-earned dollars on such susceptibly weak systems.  Hopefully hackers will be caught and prosecuted.  As wholesale Christian Bibles insist:  If a thief “be found, he shall restore sevenfold; he shall give all the substance of his house (Proverbs 6: 31).”

Did you like this? Share it:

Leave a Reply


You must be logged in to post a comment.