Tuesday, April 8, 2014

WHY DOES MY HEARTBLEED-THERE IS NO SUCH THING AS PRIVACY ON THE INTERNET


Once again, a major story has been revealed today about a seriously weakness in Internet web security that affects at least 66 per cent of all Internet web sites.

Amazingly, this flaw has existed for over two years without any of the web sites affected even being aware of the problem.

Instead, this security error has been discovered by an independent group of technology researchers.

So much for the illusion that anyone has left that their personal information is protected from identity thieves and we are all victims or potentially vulnerable to this huge problem.

The real problem is that the web site providers, almost all of them Corporations, are simply too lazy, too cheap, to spend the money necessary in providing stronger security internally on their sites to protect us.

What's a person to do?

Nothing is the answer, since technology is everywhere, and there is no way to avoid your information being stored on a server maintained by these websites. 

Even if you never used the Internet, your information is entered through store purchases and "mined" by Company's that sell your marketing information, profile, and most of who you are to other Company's that then enter it all into their web server data base. 

Technology cannot continue on its current course of slipshod, weak and indifferent policies of not protecting the public in a better manner.

There will never be 100 per cent full proof security, 
but  a lot of this stuff is not rocket science, requires basic monitoring, better software, and a desire
on behalf of Internet providers to at least provide 
some real protection against having their users 
private information easily stolen.

Users can test if web sites they use are vulnerable to this bug, CLICK HERE TO TEST, although this test is reported to not be 100 per cent reliable.

Critical Security "BUG" -(CLICK HERE)- 

"Heartbleed" Hits Up To 66 Percent Of the Internet
The Heartbleed bug has affected the back end of a full two thirds of the Internet.

As much as 66 percent of the Web may have been compromised by a newly revealed security flaw called Heartbleed.
 

Named by the researchers who discovered it, Heartbleed is a bug that affects an important Internet security protocol called SSL. Specifically, it affects one particular implementation of SSL called OpenSSL.

For context (and to understand how bad Heartbleed is), here's how SSL and OpenSSL work: Every time you log into a website, your login credentials are sent to that web site's server. But in most cases those credentials aren't simply sent to the server in plain text, they're encrypted using a protocol called Secure Sockets Layer, or SSL.

As with most protocols, different software makers have created different implementations of SSL. One of the most popular is an open-source implementation called OpenSSL, used by an estimated two thirds of currently active websites.

Heartbleed is a bug in OpenSSL. Hackers can exploit Heartbleed to get raw text from emails, instant messages, passwords, even business documents -- anything a user sends to a vulnerable site's server.

And the scariest part? 


The Heartbleed security flaw existed for nearly two years before it was discovered by legitimate researchers. That's plenty of time for black-hat hackers to have discovered and exploited the bug.

Matthew Prince, CEO of content delivery network Cloudflare, one of the first businesses to be notified of the bug, told The Huffington Post that sadly, there's not much normal netizens can do to protect themselves. "When you finish using a website, make sure to actively log out," Prince advised that makes it less likely that a hacker exploiting Heartbleed will be able to take your personal information.

Prince also put in a word of comfort: "Heartbleed is so serious, it's such a big, bad event, that almost every major service is scrambling to clean it up as quickly as possible." He estimated that most currently vulnerable websites will be "patched" by the end of the week.

Though a number of major websites have already been patched, others, including OKCupid, Flickr, Imagur and Yahoo.com, reportedly remain vulnerable to Heartbleed.
 

Vulnerable sites should not be logged into until they're patched  check those sites' blogs or Twitter feeds for updates and once a website has its patch in place, you should change your password for that site as soon as possible.

What makes these problems so frightening is that no-one appears to be awake in these IT departments of the worlds Company's to even catch a major security flaw such as heartbleed. 

If the private researchers hadn't discovered this bug on their own, no-one would even know that it exists.

To be honest, there has to be hundreds of security flaws in the various technologies that exist.

Soon there will be another one discovered and  everyone will rush to "patch it".

Patches are just what the word means, they are temporary ways of closing a loophole in software. 

The only way to fix these problems is for Corporations to invest the resources and time to take this seriously.

Perhaps they should hire those that steal by exploiting these bugs, to redesign their web sites.

Don't hold your breath about this ever happening,
as it's not "cost effective" to protect your privacy 
in the Corporate culture of this world.

No comments:

Post a Comment