Bug affecting heart of Internet
Print Edition
THE heart of the Internet is “bleeding” from a bug in widely-used encryption technology, according to security experts.
The online threat, code-named Heartbleed, could affect millions of Chinese computer users by exposing their passwords, credit card numbers and other sensitive information to potential theft by computer hackers.
“Heartbleed is the No. 1 online threat this year,” said Shi Xiaohong, a security expert with Qihoo 360.
Shi likened it to a “nuclear crisis in the Internet landscape” due to its potential for damage.
More than 30 percent of domestic websites requiring web log-ins — covering online payment, e-commerce, online bank and e-mail services — have been affected by the bug. Users can’t protect their information if they have used the services of websites with OpenSSL encryption technology, even if their computers are well protected by anti-virus tools, according to Qihoo 360.
The security researchers who uncovered the threat are particularly worried about the breach because it had gone undetected for more than two years. Hackers may have been exploiting the problem over that period.
Domestic websites, including Taobao, the online shopping site, and train ticket site12306.cn, and global sites such as Yahoo were found to have the bug. By yesterday evening, most websites had been upgraded to fix the bug.
“All of our websites, including Taobao, Alipay and Tmall are safe now with system upgrading,” Alibaba said.
Beijing-based Qihoo 360 sent alerts to around 120,000 website owners in China urging them to upgrade their systems.
The Heartbleed bug was found by Google Inc and US security firm Codenomicon, and prompted the US government’s Department of Homeland Security to advise businesses to review their servers to see if they were using vulnerable versions of OpenSSL, Reuters reported.
Ordinary computer users are advised to change passwords or at least not to access websites that haven’t been upgraded.
Yahoo, which has more than 800 million users worldwide, said most of its most popular services — including sports, finance and Tumblr — had been fixed, but work was still being done on other products it didn’t identify.
In a statement, it said it was “continuously working to protect our users’ data.”
- About Us
- |
- Terms of Use
- |
-
RSS - |
- Privacy Policy
- |
- Contact Us
- |
- Shanghai Call Center: 962288
- |
- Tip-off hotline: 52920043
- 沪ICP证:沪ICP备05050403号-1
- |
- 互联网新闻信息服务许可证:31120180004
- |
- 网络视听许可证:0909346
- |
- 广播电视节目制作许可证:沪字第354号
- |
- 增值电信业务经营许可证:沪B2-20120012
Copyright © 1999- Shanghai Daily. All rights reserved.Preferably viewed with Internet Explorer 8 or newer browsers.
