New bugs found in software that caused "Heartbleed" cyber threat
Boston: Security researchers have uncovered new bugs in the Web encryption software that caused the pernicious “Heartbleed” Internet threat that surfaced in April.
Experts said the newly discovered vulnerabilities in OpenSSL, which could allow hackers to spy on communications, do not appear to be as serious a threat as "Heartbleed."
The new bugs were disclosed on Thursday as the group responsible for developing that software released an OpenSSL update that contains seven security fixes.
Experts said that websites and technology firms that use OpenSSL technology should install the update on their systems as quickly as possible. Still, they said that could take several days or weeks because companies need to first test systems to make sure they are compatible with the update.
"They are going to have to patch. This will take some time," said Lee Weiner, senior vice president with cybersecurity software maker Rapid7.
OpenSSL technology is used on about two-thirds of all websites, including ones run by Amazon.com Inc, Facebook Inc, Google Inc and Yahoo Inc. It is also incorporated into thousands of technology products from companies, including Cisco Systems Inc, Hewlett-Packard Co, IBM, Intel Corp and Oracle Corp.
The widespread "Heartbleed" bug surfaced in April when it was disclosed that the flaw potentially exposed users of those websites and technologies to attack by hackers who could steal large quantities of data without leaving a trace. That prompted fear that attackers may have compromised large numbers of networks without their knowledge.
Security experts said on Thursday that the newly discovered bugs are more difficult to exploit than "Heartbleed," making those vulnerabilities less of a threat.
Still, until users of the technology update their systems, "there is a window of opportunity" for sophisticated hackers to launch attacks and exploit the newly uncovered vulnerabilities, said Tal Klein, vice president of strategy with cloud security firm Adallom.
More from India
More from World
More from Sports
More from Entertaiment
- I eat beef, can somebody stop me?: Kiren Rijiju hits back at Naqvi
- Delhi: Visually impaired boy scores 91.4% in CBSE 12th Board exams
- MP: 14-year-old boy works as bonded labour since 2009
- UP: Man chops off wife's nose, hair for dowry
- Zee Media Exclusive: The plight of yoga expert Tejaswi Sharma
- Heat ave continues in India, death toll climbs to over 1,400
- Woman denied flat in Mumbai for being a Muslim
- Megastar Amitabh Bachchan slapped with Rs 1 crore notice
- 4 Indians in Forbes' 100 most powerful women list
- Gujjar stir: HC asks Rajasthan govt to clear rail track, roads
- Kenyan lawyer offers to marry Barack Obama's daughter Malia
- Gujjar stir: HC asks Rajasthan govt to clear rail track, roads- Part II
- Maggi likely to face ban in India!
- Salman Khan accident files burnt in Mantralaya fire
- AIB: The 'Third Gender's right to dignity'
- CBSE Class 10 Board Result 2015 to be announced today
- Check mahresult.nic.in for MSBSHSE Maharashtra Class 12 HSC Result 2015
- CBSE Class 10 Board Result 2015 (cbse.nic.in, cbseresults.nic.in) postponed?
- Maharashtra MSBSHSE HSC Result 2015 on mahresult.nic.in
- I was misquoted, says Kiren Rijiju on 'beef' remark
- First look: Salman Khan steals thunder in `Bajrangi Bhaijaan`
- Check cbse.nic.in, cbseresults.nic.in for CBSE Class 10 Result 2015
- mahresult.nic.in updated with MSBSHSE Maharashtra HSC Class XII Result 2015
- CBSE Class 10 (Class X Board) Result 2015 on cbse.nic.in, cbseresults.nic.in at 2 pm
- Manmohan Singh defends himself on 2G charge, slams Modi govt for 'carbon copy' schemes
- Sonia Gandhi 'unconstitutional authority' during UPA: PM Narendra Modi
- Hours after attacking NDA govt, Manmohan Singh meets PM Narendra Modi
- Reservation stir: Five percent job quota to Gujjars unlikely, hints Rajasthan govt
- PMO website revamped, now send e-mail to PM Modi directly
- Death toll climbs to over 1400 as intense heatwave continues in India