New Bugs Found in Software Causing 'Heartbleed' Cyber Threat
By Naveena Joy | June 6, 2014 5:58 PM EST
The Heartbleed bug triggered the Internet with threat and panic two months back. A security researcher has found a new bug in the same Web encryption software.
Researcher Masashi Kikuchi wrote in a blog post he found another bug in OpenSSL, the encryption tool used in two-thirds of all Web sites to prevent hackers from stealing sensitive information like passwords or credit card data.
Reuters reported the new bug was disclosed as the group responsible for developing the software released an OpenSSL update that contains seven security fixes. It somehow allowed hackers to interfere or even changed the content of emails or Web traffic.
The experts involved asked the Web sites and technology firms that use the OpenSSL technology to install an update on all the systems as soon as possible. This will be a lengthy process hence it could take time to update as companies need to first test systems to ensure they are compatible with such updates.
The new bug is much more difficult to exploit for hackers that the Heartbleed as it requires them to interrupt traffic between two computers. Also, this vulnerability is only found on some older versions of the OpenSSL software.
Reuters highlighted OpenSSL technology is used on about two-thirds of all Web sites, including those run by Amazon.com, Facebook, Google and Yahoo. It is also incorporated into thousands of technology products from companies, including Cisco Systems, Hewlett-Packard, IBM, Intel Corp and Oracle.
Huffington.com pointed out OpenSSL software is written and maintained largely by four people from Europe along with few contributors. Most of them have full-time jobs, maintaining the code is only during spare time.
The programmers as a team earned less than $1 million last year for their work on OpenSSL from contractual work and charity. The programmers don't go through each and every line of code for flaws and also can't afford to pay for a formal code review.
The response to the Heartbleed bug was so high that several big technology companies, including Google, Facebook and Microsoft have joined hands in providing financial support to OpenSSL to engage experts who can work full-time in reviewing the codes.
To contact the editor, e-mail:
Most Popular Slideshows
- NFL MNF: Pittsburgh Steelers 30, Houston Texans 23 [PHOTOS]
- 2014 MLB World Series Game 1: San Francisco Giants 7, Kansas City Royals 1 [PHOTOS]
- 2014 MLB World Series - Game 2: Kansas City Royals 7, San Francisco Giants 2 [PHOTOS]
- NFL Thursday Recap - Denver Broncos 35, San Diego Chargers 21: Peyton Manning Has 3 TDs In Easy Win [PHOTOS]
Join the Conversation
- Sony Xperia Z3, Z1, Z1 Compact And Z Ultra Latest Firmware 23.0.A.2.108 And 14.4.A.0.155 Certified
- Android 5.0 Lollipop For Sony Xperia Z Devices Arriving By 2015; Z Ultra GPE Update Confirmed In 2014
- Samsung Galaxy Note Edge and Note 4 Designer Secrets: Behind The Materials, Edge Screen And S Pen
- 'World Of Warcraft' ‘The Iron Tide' 6.0.2 Patch Hotfixes Update Including New Resolved Issues Regarding Scenarios, Raids, Classes, Battlegrounds And Arenas
- Sony Xperia Z3 Launched In Japan Has 32 GB Storage Compared To 16 GB International Model
- Xiaomi Redmi 1S vs. Sharp Aquos Crystal – Specifications, Features And Price Showdown
- ASUS Releases A Teaser Indicating The Arrival of New Zenfone and ZenWatch On October 28
- Boy Stoned To Death For Alleged Rape, Victim Receives Dowry From Militants
- Three Dual SIM Samsung Galaxy Note 4 Duos Variants Comes To China
- Russia is Creating Underwater Combat Robots to Protect its Arctic Territories
- ‘Lone Wolf’ Attack on Canada Parliament Hill Could be ISIS-Related
- Android Lollipop 5.0 Confirmed for Nov 3 Rollout as Nexus 6 Global Release Date is Delayed – Reports