New bugs found in software that caused "Heartbleed" cyber threat

BOSTON Fri Jun 6, 2014 9:28am IST

A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser in a photo illustration in Paris April 15, 2014. REUTERS/Mal Langsdon/Files

A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser in a photo illustration in Paris April 15, 2014.

Credit: Reuters/Mal Langsdon/Files

Related Topics

Stocks

   

BOSTON (Reuters) - Security researchers have uncovered new bugs in the Web encryption software that caused the pernicious “Heartbleed” Internet threat that surfaced in April.

Experts said the newly discovered vulnerabilities in OpenSSL, which could allow hackers to spy on communications, do not appear to be as serious a threat as "Heartbleed."

The new bugs were disclosed on Thursday as the group responsible for developing that software released an OpenSSL update that contains seven security fixes.

Experts said that websites and technology firms that use OpenSSL technology should install the update on their systems as quickly as possible. Still, they said that could take several days or weeks because companies need to first test systems to make sure they are compatible with the update.

"They are going to have to patch. This will take some time," said Lee Weiner, senior vice president with cybersecurity software maker Rapid7.

OpenSSL technology is used on about two-thirds of all websites, including ones run by Amazon.com Inc, Facebook Inc, Google Inc and Yahoo Inc. It is also incorporated into thousands of technology products from companies, including Cisco Systems Inc, Hewlett-Packard Co, IBM, Intel Corp and Oracle Corp.

The widespread "Heartbleed" bug surfaced in April when it was disclosed that the flaw potentially exposed users of those websites and technologies to attack by hackers who could steal large quantities of data without leaving a trace. That prompted fear that attackers may have compromised large numbers of networks without their knowledge.

Security experts said on Thursday that the newly discovered bugs are more difficult to exploit than "Heartbleed," making those vulnerabilities less of a threat.

Still, until users of the technology update their systems, "there is a window of opportunity" for sophisticated hackers to launch attacks and exploit the newly uncovered vulnerabilities, said Tal Klein, vice president of strategy with cloud security firm Adallom.

(Editing by Jonathan Oatis)

FILED UNDER:
Comments (0)
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.

  • Most Popular
  • Most Shared
A staff of a China Mobile shop explains a function of the iPhone 5s to a customer in Beijing January 17, 2014. REUTERS/Kim Kyung-Hoon/Files

Apple revenue lags Street's view despite strong China growth

Apple posted a smaller-than-expected 6 percent rise in quarterly revenue on Tuesday, but revenue surged 28 percent in greater China despite stiff competition in its third-largest market.  Full Article 

TECH SHOWCASE

Privacy Lawsuit

Privacy Lawsuit

Google must face U.S. privacy lawsuit over commingled user data.  Full Article 

New Launch

New Launch

China's Xiaomi announces latest flagship Mi 4 smartphone.  Full Article 

Class Action

Class Action

Google must face class action over kids' in-apps purchases.  Full Article 

Black Hat Conference

Black Hat Conference

Talk on cracking Internet anonymity service Tor canceled.  Full Article 

Nano-Printing

Nano-Printing

Monet masterpiece shrunk down to the size of dust mite.  Video 

Losing Steam

Losing Steam

With sales sputtering, Apple's iPad looks to IBM alliance  Full Article 

N.Y. Forgery Trial

N.Y. Forgery Trial

Zuckerberg to testify at N.Y. forgery trial - prosecutors  Full Article 

Management Changes

Management Changes

BlackBerry names ex-Sybase executive as chief operating officer.  Full Article 

Reuters India Mobile

Reuters India Mobile

Get the latest news on the go. Visit Reuters India on your mobile device.  Full Coverage