Financial News

  • 10 April 2014, 6:18

'Stay Off The Internet' To Avoid Major Web Bug

Hackers may have been intercepting web passwords and browsing history for the past two years because of a bug in widely used web encryption technology.

Analysts say the Heartbleed bug is one of the most serious discovered in recent years because the compromised technology - OpenSSL - is so popular.

The popular web encryption technology is used by websites to protect sensitive data such as passwords.

Jonathan Sander, from cyber security firm Stealthbits Technologies, said: "It's like finding a faulty car part used in nearly every make and model."

The Tor Project, which develops online anonymity software, warned people to stay off the internet entirely for the next few days to remain safe.

A message on its website read: "If you need strong anonymity or privacy on the internet, you might want to stay away from the Internet entirely for the next few days while things settle."

Yahoo passwords were among those compromised, and the company says it has since fixed the vulnerability on its services.

A spokesman said: "As soon as we became aware of the issue, we began working to fix it."

Other websites known to have been compromised by the flaw included image-hosting site Imgur, dating service OKCupid and the FBI's website.

The bug was introduced in the 1.01 version of OpenSSL in 2012.

This means that attackers may have been exploiting the bug for two years; revealing emails, instant messages and browsing data.

Because hacking attacks using the bug leave no trace, it is difficult to calculate how many people have been affected.

Google, Microsoft, Twitter, Facebook and Dropbox are understood to be unaffected.

Advertisement