Entries in Heartbleed (4)

Monday
Jun232014

Around 300,000 sites are still at risk against Heartbleed

Your favorite social networks and other popular services might have already patched the vulnerability caused by the Heartbleed bug but there is still a significant chunk of the internet that is still at risk. According to Robert Graham of Errata Security, there are 309,197 systems that are still at risk at the beginning of May. When Heartbleed was discovered in April, Graham discovered that 615,268 websites were at risk. While there are a large number of sites that have been able to patch the vulnerability, there is still that huge number that may or may not even deal with the issue. Graham refused to name the sites because he doesn’t want to make it easier on hackers to get into these systems.

Source: Slate

Thursday
Apr172014

First arrest made on CRA Heartbleed hack that stole 1,000 Social Insurance Numbers

The RCMP has arrested suspected hacker Stephen Arthuro Solis-Reyes who's being accused of hacking the Canada Revenue Agency website and 1,000 Social Insurance Numbers using the Hearbleed explot. The 19-year-old man from London, Ontario had his computer seized as evidence. The CRA didn't react quickly enough to the Heartbleed hack, which resulted in the pilfering of the SINs. The breach caused a shutdown of the systems for online filing of taxes, effectively extending the April 30 deadline.

“The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible. Investigators from National Division, along with our counterparts in “O” Division have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners,” said Assistant Commissioner Gilles Michaud.

Source: RCMP

Monday
Apr142014

Hackers take 900 Canadian tax IDs using Heartbleed

Hackers were quick to take advantage of the Heartbleed vulnerability and breached the Canada Revenue Agency to take around 900 Social Insurance Numbers and other unidentified business data. According to Engadget, the security breach happened after the public learned about Heartbleed. The agency tried to secure its system immediately but they weren’t apparently fast enough. There are reportedly no other breaches aside from this incident and the authorities are applying more security measures to make sure the compromised accounts won’t be misused.

Saturday
Apr122014

Infographic shows the passwords you need to change due to Heartbleed

A lot of the popular websites have been affected by the Heartbleed bug. This vulnerability in the OpenSSL cryptographic software library allows hackers to steal your personal information and snoop into your online communication directly from the sites. Sites are currently working to stop the leak but it is still important for you to change your password (some services are even reminding you to do so). But just in case you want to see which of the sites you use are affected VentureBeat shared an infographic made by LWG Consulting. You can view the full-sized graphic here.