* *'Heartbleed Bug' puts Web security at risk A vulnerability in the OpenSSL program could compromise encryption on much of the Internet, putting passwords and data at risk. Experts say now is not the time for online banking.
* * nationalpost.com: A little over two years ago, at one minute before midnight on New Year’s Eve 2011, a German computer programmer called Robin Seggelman made a small error in an update to OpenSSL, a program that lets computers trade data securely, as in email or banking.
It was a programmer’s typo, of a sort that is routinely caught and corrected, but the damage it caused could make Heartbleed, as the error is now known, worse than any other virus, glitch or bug of the Internet age.
In effect, the error created a secret back door to supposedly secure websites. Though it is now being frantically “patched,” it has been unlocked for more than two years, with reports Friday suggesting it has been quietly exploited all along by the U.S.’s National Security Agency (NSA).
Friday, Canada shut down all government websites that use OpenSSL, notably the one for filing taxes, fearing they were under constant attack.
- The Heartbleed Hit List: The Passwords You Need to Change Right Now
- Check a site:LastPass Heartbleed checker
- A consumer’s guide to making sure you are not a Heartbleed victim
- bloomberg.com: NSA Said to Exploit Heartbleed Bug for Intelligence for Years
- NSA and White House deny knowing about — and exploiting — the Heartbleed bug
- How a programmer’s small error created Heartbleed — a secret back door to supposedly secure sites