New York: 02:29 || London: 07:29 || Mumbai: 12:59 || Singapore: 15:29

Reports US

US stock market daily report (April 09, 2014, Wednesday)

April 10, 2014, Thursday, 05:29 GMT | 00:29 EST | 09:59 IST | 12:29 SGT
Contributed by Millennium Traders

Heartbleed bug was announced yesterday as a serious security flaw in OpenSSL which may have impacted all Internet users over the past two years. The really bad news is there is no quick fix that can be easily and quickly applied to resolve the flaw. Since servers maintain a great deal of information in their active memory including usernames, passwords and even credit card numbers, hackers are able to steal encryptions keys to access previously considered secure information. By stealing encryption keys, hackers can intercept encrypted data moving to and from a site's servers and read it without establishing a secure connection. Unless companies running vulnerable servers change their security access codes, future data could be accessible by hackers, as well.

Developers behind OpenSSL were notified several days in advance of the announcement to the general public, allowing the flaw to be repaired. The bug should be less prevalent in weeks to come since a majority of service providers should already be updating their websites.

OpenSSL project is a collaborative effort to develop a robust, commercial-grade, full-featured and Open Source tool-kit which implements the Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength general purpose cryptography library. In layman's terms... OpenSSL is the open-source encryption standard used by a majority of websites on the Internet that transmit data that users want to keep secure such as email or instant messaging. Encryption works in a way that data being sent looks like gibberish to anyone other than the intended recipient. On occasion, one of the computers will check that there's still a computer at the other end of the secure connection by sending a 'heartbeat' consisting of a small packet of data that requests a response.

Heartbleed bug gives hackers who know about it, the ability to extract massive amounts of data from the services we use every day, which we assumed were mostly secure. Computers that power services that transmit secure information such as Facebook and Gmail are most vulnerable. The programming error allows a well-disguised packet of data that appeared to be a heartbeat, to trick the computer at the other end of the supposed secure transmission, into sending data stored in its memory. Google security researcher Neel Mehta was the first to report discovery of the flaw to the team behind OpenSSL. Security firm Codenomicon independently found the flaw. Per reports, hackers leave no trace of intrusion by using the bug. Adam Langley of the Chromium Project and Bodo Moeller of Association for Computing Machinery prepared the fix for the flaw.

Reports indicate that nearly 66% of websites are powered by technology built around SSL - excluding email services, chat services and a wide variety of apps available on every platform. Since the flaw has been around for nearly two years leaving no trace behind, all Internet users should safely assume that their data has been compromised. Computer users are urged to change passwords, immediately, especially for services where privacy and security are major concerns.