Go to the Globe and Mail homepage

Jump to main navigationJump to main content

To quote Codenomicon (who found and named Heartbleed): The affected code is called OpenSSL and “is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet.” (Codenomicon)
To quote Codenomicon (who found and named Heartbleed): The affected code is called OpenSSL and “is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet.” (Codenomicon)

New bugs found in software that caused "Heartbleed" cyber threat Add to ...

Security researchers have uncovered new bugs in the Web encryption software that caused the pernicious "Heartbleed" Internet threat that surfaced in April.

Experts said the newly discovered vulnerabilities in OpenSSL, which could allow hackers to spy on communications, do not appear to be as serious a threat as "Heartbleed."

More Related to this Story

The new bugs were disclosed on Thursday as the group responsible for developing that software released an OpenSSL update that contains seven security fixes.

Experts said that websites and technology firms that use OpenSSL technology should install the update on their systems as quickly as possible. Still, they said that could take several days or weeks because companies need to first test systems to make sure they are compatible with the update.

"They are going to have to patch. This will take some time," said Lee Weiner, senior vice president with cybersecurity software maker Rapid7.

OpenSSL technology is used on about two-thirds of all websites, including ones run by Amazon.com Inc, Facebook Inc, Google Inc and Yahoo Inc . It is also incorporated into thousands of technology products from companies, including Cisco Systems Inc, Hewlett-Packard Co, IBM, Intel Corp and Oracle Corp.

The widespread "Heartbleed" bug surfaced in April when it was disclosed that the flaw potentially exposed users of those websites and technologies to attack by hackers who could steal large quantities of data without leaving a trace. That prompted fear that attackers may have compromised large numbers of networks without their knowledge.

Security experts said on Thursday that the newly discovered bugs are more difficult to exploit than "Heartbleed," making those vulnerabilities less of a threat.

Still, until users of the technology update their systems, "there is a window of opportunity" for sophisticated hackers to launch attacks and exploit the newly uncovered vulnerabilities, said Tal Klein, vice president of strategy with cloud security firm Adallom. (Editing by Jonathan Oatis)

Follow us on Twitter: @GlobeTechnology

 
  • IBM-N
  • ORCL-Q
  • INTC-Q
  • HPQ-N
  • CSCO-Q
  • GOOG-Q
  • AMZN-Q
Live Discussion of IBM on StockTwits
More Discussion on IBM-N
Live Discussion of ORCL on StockTwits
More Discussion on ORCL-Q
Live Discussion of INTC on StockTwits
More Discussion on INTC-Q
Live Discussion of HPQ on StockTwits
More Discussion on HPQ-N
Live Discussion of CSCO on StockTwits
More Discussion on CSCO-Q
Live Discussion of GOOG on StockTwits
More Discussion on GOOG-Q
Live Discussion of AMZN on StockTwits
More Discussion on AMZN-Q

More Related to this Story

Topics:

In the know

Most popular video »

Highlights

More from The Globe and Mail

Most Popular Stories