• IP addresses are NOT logged in this forum so there's no point asking. Please note that this forum is full of homophobes, racists, lunatics, schizophrenics & absolute nut jobs with a smattering of geniuses, Chinese chauvinists, Moderate Muslims and last but not least a couple of "know-it-alls" constantly sprouting their dubious wisdom. If you believe that content generated by unsavory characters might cause you offense PLEASE LEAVE NOW! Sammyboy Admin and Staff are not responsible for your hurt feelings should you choose to read any of the content here.

    The OTHER forum is HERE so please stop asking.

Fix for Heartbleed bug may slow internet to a crawl

B

BalanceOfPower

Alfrescian
Loyal
Joined
Sep 19, 2013
Messages
411
Points
0

Fix for Heartbleed bug may slow internet to a crawl

Most sites have closed the back door to hackers with a patch, but it will make browsers sluggish

PUBLISHED : Wednesday, 16 April, 2014, 11:37pm
UPDATED : Wednesday, 16 April, 2014, 11:37pm

Agence France-Presse in Washington

heartbleed.jpg


An instruction to fix Heartbleed bug. Photo: Screenshot via Facebook

The heartache from the Heartbleed internet flaw is not over, and some experts say the fix may lead to more online disruption and confusion.

The good news is that most sites deemed vulnerable have patched their systems or are in the process of doing so.

The bad news is that web browsers might be overloaded by the overhaul of security certificates, leading to error messages and impacting web performance, said Johannes Ullrich of the SANS Internet Storm Centre.

"A good percentage of the websites are patched," Ullrich said on Tuesday.

The patches enable the web operators to obtain new security certificates that demonstrate they can be trusted by browsers.

But Ullrich noted that for each patch, web browsers must update their list of "untrusted" certificates or "keys" that would be rejected.

"For the fix, the website needs to obtain a new private key and the old key has to be revoked," he said. "Browsers will not trust the old keys."

Browsers generally update dozens of keys on a daily basis, but because of the Heartbleed fix, that number may rise to tens of thousands.

If the verification process took too long, Ullrich said, the browser might simply declare the site invalid or show an error message.

"People will see errors," he said. "They will see an invalid certificate. They can either accept the certificate or consider it invalid."

The big danger is that internet users may become so confused or frustrated that they ignore the warnings or reconfigure their browsers to no longer perform the security check.

"If people turn off those lists, then a hacker could get in," Ullrich said.

The bug is a flaw in the OpenSSL encryption at "https" websites that internet users have been taught to trust.

Warnings have spread in the last week about the Heartbleed flaw, which lets hackers snatch packets of data from working memory in computers, creating the potential for them to steal passwords or encryption keys.

Google said some versions of its Android mobile operating system might be vulnerable.

 
You must log in or register to reply here.

Similar threads

LITTLEREDDOT
China hacks Singtel, PAP govt kept quiet until Bloomberg news reported the incident
Replies
11
Views
862
nabeifuckpap
nabeifuckpap
Hightech88
NBPCB CECA DBS CEO Gupta love farking Sinkies again! DBS, POSB internet banking services down, users reported not able to use PayLah! or PayNow
2
Replies
24
Views
2K
Hightech88
Hightech88
Aaron carter
A torrid December for the PAP: transparency, trust, and truth under scrutiny
Replies
4
Views
534
oliverlee
O
disconsolate
The Shift To Social Shopping And What It Means For Brands
Replies
0
Views
643
disconsolate
disconsolate
Aaron carter
MOE fucked up!!!! students downloaded app which wiped clean their devices!!!!!
Replies
19
Views
1K
Chase
Chase
Back
Top