BY MEGHAN NEAL
Security holes are par for the course on the Web today, but a new, massive bug dubbed "Heartbleed” is particularly nasty, and widespread: Experts say that two-thirds of websites and nearly everyone that’s used the Internet in the last two years could be affected to some extent.
The irony is, the those who have put the most effort into privacy and security are the most vulnerable.
The bug exposes the popular cryptographic software, OpenSSL, a mainstay Web encryption. Heartbleed makes it possible for anyone to eavesdrop on encrypted sites and access the sensitive data they’re supposed to be protecting, all without leaving any trace on the site’s server. Even worse, attackers can also retrieve cryptographic keys and passwords and use that info to decrypt any past or future web traffic.
The bug was introduced in the 1.01 version of OpenSSL in 2012, which means for two years attackers exploiting the bug could have exposed VPNs and anonymity services, and accessed users’ emails, instant messages, and browsing activity.
The lion's share of websites that use the HTTPS secure communications protocol run OpenSSL, and of course sites specifically designed to hide users' identity are at risk, including the Tor onion network.
The Tor Project wrote in a blog post yesterday that Tor clients, relays, and hidden services were all vulnerable to the Heartbleed bug. In theory, anyone that had been using Tor—be it to buy drugs on the black market or protect themselves from oppressive governments or anything in between—may have had their activity monitored and encryption keys stolen.
Read the full story on Motherboard.
Photo via Shutterstock
Texans are adopting dogs in droves to rescue them from flooded animal shelters
Now this is Southern hospitality.94k
How to play every classic video game on your phone
The best '80s and '90s consoles in the palm of your hand.21k
You can play a giant game of Tetris on the biggest Game Boy ever made
Handheld gaming nostalgia writ extremely large.16k
6th grader pens beautiful apology for 'Deez Nuts' 911 call
As a nation, we must learn that shouting "DEEZ NUTS" can have consequences.
Your definitive guide to the best robot butts
Thick, toned and metal.8