Heartbleed, Newly Discovered Threat for Internet Users
Translator
Editor
Jumat, 19 Oktober 2018 20:33 WIB
TEMPO.CO, Jakarta - The United States government warned internet users and other businesses on Friday to be alert for hackers seeking to steal data exposed by the "Heartbleed" bug, Reuters reported. A security firm Codenomicon and Google researcher, Neel Mehta, have both found the bug independently from each other, but on the same day.
The Heartbleed bug is newly discovered security vulnerability in OpenSSL software that lets a hacker access the memory of data servers. That means a user's sensitive personal data -- including usernames, passwords, and credit card information -- is potentially at risk of being intercepted. The bug attacks standard OpenSSL encryption that has been widely used by many popular websites like Facebook Inc., Google Inc. and Yahoo Inc.
Suspicions arise that the National Agency Security (NSA) of the United States has known about the bug long before it was surfaced on Monday and that the agency has been utilizing it to spy on people’s passwords and basic information. However, the White House has denied the reports.
"Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong," White House National Security Council spokeswoman, Caitlin Hayden, said as quoted by Reuters.
Robin Seggelmann, a German programmer who volunteers as a developer on the OpenSSL team, said in a blog post published on Friday that he had written the faulty code responsible for the vulnerability while working on a research project at the University of Münster.
"I failed to check that one particular variable, a unit of length, contained a realistic value. This is what caused the bug, called Heartbleed," said Seggelmann, on Reuters. Seggelmann is now an employee with German telecommunications provider Deutsche Telekom AG.
Several companies have been advising their users about the vulnerability of accessing their account since Heartbleed had been detected.
RINDU P HESTYA | REUTERS | CNET