Current affairs News Science, Health & Technology

Public urged to protect passwords amidst Heartbleed bug worry

Public urged to protect passwords amidst Heartbleed bug worry

Experts have warned the public to change their computer and phone passwords following a potentially catastrophic online security breach.

The warning stems from the discovery of an Internet bug called Heartbleed, aptly named due to its ability to create a “bleeding leak” of security.

The virus has the ability to evade a website’s security and access passwords and personal data including credit card details.

Neel Mehta, a security researcher with Google, first discovered the glitch simultaneously with a small Finnish security firm called Codenomicon.

They said it is unknown whether hackers had used it prior to its detection as it went unnoticed for two years with no possibility of evidence to decipher whether it was active or not.

A spokesman for Codenomicon commented: “If people have logged into a service during the window of vulnerability then there is a chance that their password is already harvested.”

Heartbleed normally encrypts personal data to make it appear like nonsense to online hackers and when a line of communication is secure users see a padlock on the page.

However, a flaw in programming has meant it is possible to trick the computer at the other end by sending a small packet of data imitating something known as a “heartbeat”, which usually ensures the checking of legitimate online security.

Hackers are therefore able to impersonate websites and steal encryption keys protecting data. The flaw is found in OpenSSL, the software most websites use to maintain the security of data.  

Numerous organisations have installed a “patch” to rectify the flaw, but many still remain vulnerable.

One of the worst affected sites is Yahoo!, who recently issued a warning on Tumblr:

“The little lock icon we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible.”

When contacted by the Mail last night, Britain’s major banks refused statement on whether passwords should be changed.

HSBC said they were “monitoring” the situation, while a Lloyds spokesman said they would “not comment” on security matters.

While many experts have advised the public to change their passwords, a researcher for the IT security company Rapid7 Mark Schloesser, has said that altering a password on websites that have not amended the flaw could expose “both the old and new passwords” to an attacker.

 Bethany Bishop

More in Current Affairs

Understanding Interpol notices and arrest warrants in the UAE

The editorial unit

The role of expert business plan writers in securing funding for startups

The editorial unit

What you need to know about full fibre broadband

The editorial unit

“Chill the VR Out”: YourHaven’s hilarious and heartfelt campaign for Mental Health Awareness Month

The editorial unit

Women of Ireland have rolled over for long enough: The 8th and the long walk to abortion rights

Emma Kiely

Changes to expect during menopause

The editorial unit

Why Equity Linked Savings Schemes is a preferred tax saving?

The editorial unit

How the world’s top designers would rebrand political parties

The editorial unit

Royal baby furore: Proof that the British monarchy is still popular?

Eoin O’Sullivan-Harris