Skip to main content
  1. Home
  2. Computing
  3. News

People should ‘Stop all transactions for a few days,’ due to Heartbleed, security exec says

By
netcraft heartbleed browser extension google chrome opera firefox 34
Image used with permission by copyright holder

We’ve seen some pretty scary quotes from Web security and cloud services experts regarding the Heartbleed flaw in OpenSSL. Heartbleed allows hackers to steal a potential treasure trove of data, including user names, passwords, emails, credit card numbers and more, without being detected by exploiting a flaw in the OpenSSL data encryption service used by many websites around the world. However, to this point, the quote offered by Mike Lloyd, who is the CTO of RedSeal, a network security firm, might be the most frightening of them all.

“Stop all transactions for a few days,” Lloyd said of the Heartbleed bug, which was recently uncovered by a team of researchers, despite the fact that it has existed for roughly two years.

Recommended Videos

Lloyd also states that “automation” is the key to combating threats like Heartbleed, as he wrote in an official RedSeal blog post.

“What you need is automation – not just vulnerability scanning (which can find those unpatched machines), but also a pre-built map, and a way to automate and speed up the query for “where are these machines suffering from Heartbleed, and what are they exposed to?”. Wise organizations plan for this – we know it’s going to happen again.”

MORE: How to check if your favorite websites are vulnerable to the Heartbleed bug

That’s what makes dealing with the realities of Heartbleed so frustrating. Aside from changing passwords and avoiding websites that are allegedly affected by Heartbleed, the average person is largely powerless when it comes to dealing with the threat. This isn’t a fire that can be snuffed out by employing the latest and greatest malware and anti-virus scanners, considering that this isn’t malware, but a gaping hole in the encryption service used by many of the world’s websites. It’s on individual companies, organizations, and governments to switch to a version of OpenSSL that doesn’t contain the Heartbleed flaw.

MORE: Here’s a list of websites allegedly affected by the Heartbleed bug (Updated)

Fortunately, to this point, more than a few household name websites that were once vulnerable or suspected of being susceptible to Heartbleed, have since reportedly been patched. These include Yahoo, Google, Dropbox and others.

However, Lloyd’s warning shouldn’t go unheeded. After all, Canada has put a stop to online tax payments for the time being in light of the Heartbleed revelation, and we can’t help but wonder if other governments, companies and organizations will follow suit soon.

What do you think? Sound off in the comments below.

Image credit: http://wallpaperswide.com

Topics
Konrad Krawczyk
Konrad Krawczyk
Former Digital Trends Contributor
Konrad covers desktops, laptops, tablets, sports tech and subjects in between for Digital Trends. Prior to joining DT, he…
Rest in pieces: Nvidia is finally ditching GeForce Experience for good
The Nvidia app on the Windows desktop.

We've had the Nvidia app for a while, but now, it's available officially. About a year ago, Nvidia launched the Nvidia app into beta as a one-stop-shop for managing some of its best graphics cards, including grabbing new drivers, messing around with different features, and optimizing your game settings. Now, it's out of beta, officially replacing the legacy GeForce Experience and Nvidia Control Panel apps, and with some new features in tow.

One of the biggest draws of the Nvidia app initially was driver downloads. It may seem mundane, but you'd previously need to download GeForce Experience and create an Nvidia account for GPU driver updates. If you didn't, you'd have to search and install your drivers manually. The Nvidia app gives you access to new drivers, and notifies you when they're ready, all without an Nvidia login. Now, signing in is optional for "bundles and rewards" offered by Nvidia.

Read more
Microsoft is, once again, trying to force users into using Edge
Microsoft Edge on a laptop on a couch.

Microsoft has deployed no shortage of tactics to get Windows users onto its Edge browser, and although some of the more nefarious methods of trying to force users to pick up the browser have failed, the company is still experimenting with new methods. The latest route launches Edge automatically on your PC on startup and prompts users to continually import data from Chrome, including your history, bookmarks, and tabs.

Richard Lawler from The Verge spotted the prompt, which showed up earlier this year without explanation before disappearing. It's back now, and in an official capacity from Microsoft. "This is a notification giving people the choice to import data from other browsers," said Microsoft's Caitlin Roulston in a statement to The Verge.

Read more
M4 chip: here’s everything we know about Apple’s latest silicon
The Apple M4 series chips, including the M4, M4 Pro and M4 Max against a black background.

With the launch of the latest iMac, the redesigned Mac mini and the souped-up MacBook Pro, Apple has just unveiled new Macs equipped with its latest M4 chip, which brings more powerful performance and extra features to its computers. But this won't be the first time the M4 has made an appearance -- it's already out in the latest iPad Pro.

Is the M4 chip any good? Should you upgrade your Mac or iPad to take advantage of it? And what new features does it bring to your devices? We've set out to answer these questions and more, blending together what we've learned from the M4 Macs and the iPad Pro with information sourced in our own reviews. That should give you everything you need to know about Apple's latest chip.
Price and release date

Read more