Madison
78° F
Mostly Cloudy
Mostly Cloudy
Advertisement

Security bug Heartbleed takes over Internet

Published On: Apr 10 2014 09:59:37 PM CDT   Updated On: Apr 11 2014 07:27:09 AM CDT

A security bug set off a storm of worry across the Internet this week. Its name is Heartbleed and it could make websites vulnerable to hackers.

MADISON, Wis. -

A security bug set off a storm of worry across the Internet this week. Its name is Heartbleed and it could make websites vulnerable to hackers.

One data analysis website found more than 17 percent of the top 1 million sites on the web may have been exposed.

The bug compromised web encryption technology used on popular websites, potentially exposing personal information to hackers. But security experts said users shouldn't change their passwords just yet.

“I’m a bit obsessive about technology, so I’ve read quite a bit,” University of Wisconsin-Madison professor Jerome Camal said. “You have to take all of these things very seriously.”

Hackers took advantage of a leak in a system called OpenSSL that many major sites use to encrypt data. They tricked a server into turning the encrypted gibberish into readable information. Two-thirds of websites may have been vulnerable to this flaw.

The problem has persisted for two years and security experts had no idea.

“It was a badly written piece of code in that application and somebody figured out, 'If I do this, I can see all of this,'” said Madison College Information Security Director Mike Masino. “Theoretically, you could have gotten your username and password stolen any time throughout that this has been vulnerable.”

If you want to change your password, experts suggest holding off while websites big and small work to patch the problem.

Paypal, Chase and LinkedIn said they weren’t impacted, while other sites like Google said it has made the appropriate fixes.

“I think people who aren’t paying attention should definitely pay attention to it,” Camal said.

Madison companies UW Credit Union, Cuna and Meriter Health Services said they weren’t affected. But American Family Insurance said its systems that use OpenSSL are either not vulnerable or have been patched.

There is a website available where online users can check to see if a site is vulnerable.

Advertisement
  • Buddy Check 3

    Learn more about Buddy Check and sign up to get a reminder to perform a self-exam and remind your friends to do the same.

  • Cruiser

    Cruiser

    Your pet photos

    Email us a picture of you and your pet and we'll use it in out Pet Walk segment which airs every weekday morning at 6:40. Include your name, your pet's name and where you're from. Email to petwalk@wisctv.com.

  • Time for Kids - Explore the Outdoors

    Dean Clinic and WISC-TV3 are focusing on a year-long campaign to get kids off their electronics and into the outdoors.

Advertisement