Home >

Global Internet Giants Rush Out Of Danger

2014/4/12 22:31:00 8

P > this Tuesday, hackers and "white hat", which optimizes the website's IT, have gone through a sleepless night.

some of them are revelling, entering the heavily guarded website one by one, patiently collecting leaked data, piecing together the user's plaintext passwords; others are upgrading the system hard, counting the vulnerability information, and preparing to persuade the customers' statements to make them aware of the seriousness of the problem.

On the day of "P", from Amazon to YAHOO, a number of international top Internet Co have held an emergency meeting to deal with the latest Internet vulnerabilities "Heart bleed".

This is what the discoverers call the image of the most serious security hole this year.

"heart bleeding" is Open SSL (as the basic security protocol of the Internet, which is widely used, which is used by some 2/3 websites around the world). The latter is an encryption protocol designed to ensure the security of Internet communication.

The vulnerabilities exposed on Monday have affected many aspects of the Internet, because Open SSL is the default security communication option for Apache Web servers.

Open SSL is also widely used in virtual private network (VPN) technology, which is a technology that enables employees to connect to the company's network to work on a remote basis.

security experts say that the "heart bleeding" vulnerability will affect at least 200 million Chinese netizens. After preliminary assessment, a number of mainstream websites that use the "HTTPS" login mode have attracted less than 30% of the websites, including the most popular websites and services such as shopping, Internet banking, social networking, portals, micro-blog, WeChat, mailboxes, and so on.

With this loophole, hackers can sit in their homes and get sensitive data such as login accounts, passwords, cookie and so on.

a security industry source revealed that he had tried to read data on a famous e-commerce website with this < a href= "//www.sjfzxm.com/news/index_c.asp" > leak < /a >. After reading 200 times, he got more than 40 user names and 7 passwords, and with these passwords, he successfully registered on the website.

at the same time, through the 360 network attack and defense laboratory detection found that the global open 443 ports hosts 40041126, of which more than 32 thousand hosts were affected by the "heart bleeding" vulnerability.

360 security expert Shi Xiaohong told reporters that the latest loophole discovered by Open SSL is called "a href=" //www.sjfzxm.com/news/index_c.asp "network nuclear bomb < /a >, and many websites such as online banking, online shopping, online payment, and mailbox are likely to be affected.

No matter how safe the user computer is, as long as the website uses the Open SSL version of the vulnerability, users can log in to the site and monitor the login account and password in real time.

> a href= "//www.sjfzxm.com/news/index_c.asp" > Shi Xiaohong < /a > reminds the Internet service providers to upgrade Open SSL as soon as possible to repair them. At the same time, it is suggested that most netizens should not log in accounts on the websites affected by vulnerabilities until they are repaired.

another expert suggested that ordinary users should not rush to change their passwords in the media interview. They should be patient and wait for the relevant website to complete the repair of security vulnerabilities before changing the password, because if the website has not yet repaired the loopholes, the operation of modifying the password may lead to the new password being stolen.

We should pay attention to whether the website has been repaired. Once the vulnerability is repaired, the password will be changed immediately.

Tang Wei, a rising security expert, said in an interview with reporters that the impact of the vulnerability may not be that big because it only targets a specific version of P.

"Upgrading to the latest version of Open SSL and patch regularly later can eliminate this loophole, which is the most convenient way for the relevant Internet companies at present."

but anyway, after this vulnerability was discovered, Amazon, YAHOO and other world-renowned Internet companies and password management companies Last Pass have expressed the latest release of Open SSL software patch.