
Fix for Heartbleed bug may slow internet to a crawl

BalanceOfPower

Alfrescian
Loyal

Most sites have closed the back door to hackers with a patch, but it will make browsers sluggish

PUBLISHED : Wednesday, 16 April, 2014, 11:37pm
UPDATED : Wednesday, 16 April, 2014, 11:37pm

Agence France-Presse in Washington

An instruction to fix Heartbleed bug. Photo: Screenshot via Facebook

The heartache from the Heartbleed internet flaw is not over, and some experts say the fix may lead to more online disruption and confusion.

The good news is that most sites deemed vulnerable have patched their systems or are in the process of doing so.

The bad news is that web browsers might be overloaded by the overhaul of security certificates, leading to error messages and impacting web performance, said Johannes Ullrich of the SANS Internet Storm Centre.

"A good percentage of the websites are patched," Ullrich said on Tuesday.

The patches enable the web operators to obtain new security certificates that demonstrate they can be trusted by browsers.

But Ullrich noted that for each patch, web browsers must update their list of "untrusted" certificates or "keys" that would be rejected.

"For the fix, the website needs to obtain a new private key and the old key has to be revoked," he said. "Browsers will not trust the old keys."

Browsers generally update dozens of keys on a daily basis, but because of the Heartbleed fix, that number may rise to tens of thousands.

If the verification process took too long, Ullrich said, the browser might simply declare the site invalid or show an error message.

"People will see errors," he said. "They will see an invalid certificate. They can either accept the certificate or consider it invalid."

The big danger is that internet users may become so confused or frustrated that they ignore the warnings or reconfigure their browsers to no longer perform the security check.

"If people turn off those lists, then a hacker could get in," Ullrich said.

The bug is a flaw in the OpenSSL encryption at "https" websites that internet users have been taught to trust.

Warnings have spread in the last week about the Heartbleed flaw, which lets hackers snatch packets of data from working memory in computers, creating the potential for them to steal passwords or encryption keys.

Google said some versions of its Android mobile operating system might be vulnerable.

 