NEW YORK (AP) — Passwords, credit cards and other sensitive data are at risk after security researchers discovered a problem with an encryption technology used to securely transmit email, e-commerce transactions, social networking posts and other Web traffic.
Security researchers say the threat, known as Heartbleed, is serious, partly because it remained undiscovered for more two years. Attackers can exploit the vulnerability without leaving any trace, so anything sent during that time has potentially been compromised. It's not known, though, whether anyone has actually used it to conduct an attack.
Researchers are advising people to change all of their passwords.
The breach involves SSL/TLS, an encryption technology marked by the small, closed padlock and "https:" on Web browsers to signify that traffic is secure. With the Heartbleed flaw, traffic was subject to snooping even if the padlock had been closed.
The problem affects only the variant of SSL/TLS known as OpenSSL, but that happens to be one of the most common on the Internet.
Researchers say that OpenSSL is used by two of the most widely used Web server software, Apache and nginx. That means many websites potentially have this security flaw. OpenSSL is also used to secure email, chats and virtual private networks, which are used by employees to connect securely with corporate networks.
A fix came out Monday, but websites and service providers must install the update.
Yahoo Inc.'s Tumblr blogging service uses OpenSSL. In a blog post Tuesday, officials said they had no evidence of any breach and had immediately implemented the fix.
"But this still means that the little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit," Tumblr's blog post read. "This might be a good day to call in sick and take some time to change your passwords everywhere — especially your high-security services like email, file storage, and banking, which may have been compromised by this bug."
The flaw was discovered independently by researchers at Google Inc. and the Finnish security firm Codenomicon.
Copyright 2014 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
A 16-year-old girl managed to escape Tuesday when a would-be kidnapper grabbed her and tried to pull her into his vehicle in a parking lot at Southwestern College, authorities reported.
As the school year winds down, a lot of students are getting ready to do some traveling with their families. The Nurse Practitioners at CVS Minute Clinic have a few reminders if you are planning on traveling abroad.
An expedition led in part by the Scripps Institution of Oceanography at UC San Diego located a missing World War II bomber off the coast of Papua New Guinea and surveyed another at the bottom of a harbor, it was announced Friday.
It was like a scene right out of John Wayne movie Tuesday in East County.
A bull made a break in the not-so-wide open spaces of San Diego Country Estates.
News 8's Dominic Garcia reports on the bolting bovine and its capture.
Be it ever so humble, there is no place like home. But what if that humble home costs over $10 million? News 8's Steve Price takes a look inside a newly built condo in La Jolla that is breaking some San Diego Real Estate records.
Just about everybody on this planet accepts their lot in life, but deep down dreams of becoming a rock star.
Plenty of winter rain means plenty of flowers, trees and grasses this spring.
But it also means, plenty of foxtails.
They are a prickly little plant that blooms every spring and can cause plenty of problems for canine companions.
News 8's Shawn Styles explains how to "out fox" the foxtails.
San Diego County emergency and fire officials are urging residents to protect homes against devastating wildfires as fire season kicks into full gear.