NEW YORK (AP) — Passwords, credit cards and other sensitive data are at risk after security researchers discovered a problem with an encryption technology used to securely transmit email, e-commerce transactions, social networking posts and other Web traffic.
Security researchers say the threat, known as Heartbleed, is serious, partly because it remained undiscovered for more two years. Attackers can exploit the vulnerability without leaving any trace, so anything sent during that time has potentially been compromised. It's not known, though, whether anyone has actually used it to conduct an attack.
Researchers are advising people to change all of their passwords.
The breach involves SSL/TLS, an encryption technology marked by the small, closed padlock and "https:" on Web browsers to signify that traffic is secure. With the Heartbleed flaw, traffic was subject to snooping even if the padlock had been closed.
The problem affects only the variant of SSL/TLS known as OpenSSL, but that happens to be one of the most common on the Internet.
Researchers say that OpenSSL is used by two of the most widely used Web server software, Apache and nginx. That means many websites potentially have this security flaw. OpenSSL is also used to secure email, chats and virtual private networks, which are used by employees to connect securely with corporate networks.
A fix came out Monday, but websites and service providers must install the update.
Yahoo Inc.'s Tumblr blogging service uses OpenSSL. In a blog post Tuesday, officials said they had no evidence of any breach and had immediately implemented the fix.
"But this still means that the little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit," Tumblr's blog post read. "This might be a good day to call in sick and take some time to change your passwords everywhere — especially your high-security services like email, file storage, and banking, which may have been compromised by this bug."
The flaw was discovered independently by researchers at Google Inc. and the Finnish security firm Codenomicon.
Copyright 2014 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
Several dogs are in the custody of San Diego County, after a Lomita woman reported that her six dogs were attacked and some killed by a group of pit bulls.
Thousands of people marched through downtown San Diego and San Marcos in the second annual Women's March Saturday. The San Diego event began at 10 a.m. at the downtown Waterfront Park on Pacific Highway, while the North County event began at 11 a.m. at Palomar College.
Thousands of people marched through downtown San Diego and San Marcos in the second annual Women's March Saturday. The San Diego event began at 10 a.m. at the downtown Waterfront Park on Pacific Highway, while the North County event began at 11 a.m. at Palomar College. The two marches were held in conjunction with other marches across the country.
The federal government shut down at the stroke of midnight Friday, which prompted the closure of many federal operations, such as national parks and monuments and that included the shutdown of Cabrillo National Monument.
Chilly temperatures and scattered showers started the weekend. Temperatures at the coast and inland communities hovered around 60 degrees with some areas of San Diego County receiving rain during the morning hours.
A transient accused of fatally stabbing a man after they got into an argument near a 7-Eleven store in Poway pleaded not guilty Friday to a murder charge.
Coastal rail closures could complicate the commute for the thousands of people expected at Women's Marches set for downtown San Diego and San Marcos Saturday, though additional transit options are being made available.
A man arrested in the doctor's lounge at Sharp Grossmont Hospital in La Mesa after claiming to be an anesthesiologist pleaded not guilty Friday to a felony charge of treating the sick without a certificate.
People who bought new homes in Otay Ranch's Village of Escaya can start moving in Friday - later than planned but after the developer took steps to address methane found at the site.
Recent assaults by tactical teams on prototypes of President Donald Trump’s proposed wall with Mexico found their imposing heights should stop border crossers, The Associated Press has learned, a finding that’s likely to please security hawks but raise concerns about costs and environmental damage.