Madison
64° F
Clear
Clear
Advertisement

Security bug Heartbleed takes over Internet

Published On: Apr 10 2014 09:59:37 PM CDT   Updated On: Apr 11 2014 07:27:09 AM CDT

A security bug set off a storm of worry across the Internet this week. Its name is Heartbleed and it could make websites vulnerable to hackers.

MADISON, Wis. -

A security bug set off a storm of worry across the Internet this week. Its name is Heartbleed and it could make websites vulnerable to hackers.

One data analysis website found more than 17 percent of the top 1 million sites on the web may have been exposed.

The bug compromised web encryption technology used on popular websites, potentially exposing personal information to hackers. But security experts said users shouldn't change their passwords just yet.

“I’m a bit obsessive about technology, so I’ve read quite a bit,” University of Wisconsin-Madison professor Jerome Camal said. “You have to take all of these things very seriously.”

Hackers took advantage of a leak in a system called OpenSSL that many major sites use to encrypt data. They tricked a server into turning the encrypted gibberish into readable information. Two-thirds of websites may have been vulnerable to this flaw.

The problem has persisted for two years and security experts had no idea.

“It was a badly written piece of code in that application and somebody figured out, 'If I do this, I can see all of this,'” said Madison College Information Security Director Mike Masino. “Theoretically, you could have gotten your username and password stolen any time throughout that this has been vulnerable.”

If you want to change your password, experts suggest holding off while websites big and small work to patch the problem.

Paypal, Chase and LinkedIn said they weren’t impacted, while other sites like Google said it has made the appropriate fixes.

“I think people who aren’t paying attention should definitely pay attention to it,” Camal said.

Madison companies UW Credit Union, Cuna and Meriter Health Services said they weren’t affected. But American Family Insurance said its systems that use OpenSSL are either not vulnerable or have been patched.

There is a website available where online users can check to see if a site is vulnerable.

Advertisement
  • American flag hanging down

    Memorial Day by the numbers

    Memorial Day is a time to reflect on those who've died in service to the country while also being widely considered the unofficial start to summer for many Americans. Take a look at the numbers behind the holiday.

  • American flag, soldier's hat, Memorial Day, Veterans Day

    Karen Barefoot/SXC

    Memorial Day: A history in pictures

    As you wrap up the holiday weekend, look back at the history of Memorial Day through old and new images.

  • Misconceptions - Underemployed

    freeimages.com

    Misconceptions about life after college

    Accenture surveyed around 1,000 student who are newly entering the job market for 2016, in addition to those who graduated within the last two years, Yahoo News reports.

    This year overall is looking bright for the class of 2016, but there is data that shows trends new grads shouldn't overlook.

Advertisement