Vulnerability 'bleeding heart' threaten global online payment

Security experts discovered a serious vulnerability in OpenSSL that they recommended that users avoid online transactions these days.

Researchers at security firm Codenomicon and Google Security had found errors called HeartBleed (bleeding heart). HeartBleed been rated as one of the serious security flaw ever discovered.

Software vulnerabilities in OpenSSL, which is the library that the important sites are often used to encode data, such as banking, e-commerce or e-mail service ... Many businesses also use OpenSSL to encrypted information and allow employees to access internal applications of agencies, working remotely over the Internet.

The vulnerability is caused a stir HeartBleed security world and caused some people to panic.

OpenSSL exploit vulnerabilities, cyber criminals can gain a user's session to transfer money to another account if the website is e-Banking services, or access the user's mailbox if the e-mail service . Bad guys can also access the internal network of the agency without login account. More ominously, this hole has existed for about two years.

"If a site sticky bugs, hackers can understand your data, such as passwords, bank account information and other personal information when you enter them on the site," said Michael Coates, director of security Shape confidentiality Security (USA), said.

9/4 day, the US Department of Homeland Security warned businesses in the country to check the entire server systems to eliminate errors. "When you play a hacker in order to check the level of security and confidentiality, we have penetrated into their own systems from the outside without leaving a trace," said a representative of Codenomicon.

There are currently no statistics how many websites stick bug, but experts said the two most popular web server is Apache and nginx are using OpenSSL. A spokesman for Yahoo acknowledged their services are at risk of exploitation but it has quickly fix errors on the service Search, Mail, Finance, Flickr, Tumblr ... Google and Facebook have to remedy before the vulnerability was publicly HeartBleed.

Share with VnExpress, Mr. Ngo Tuan Anh, vice president for cybersecurity Bkav, said the OpenSSL vulnerabilities affecting Web sites all over the world, including the prestigious site like Yahoo, Flickr. The website uses the HTTPS protocol, and OpenSSL are at risk of attack.

More at: Technology News