By exploiting loopholes heartbleed on OpenSSL , a hacker can steal information though a site or service providers already do encryption ( marked with a " padlock " and the prefix " https : " in the URL ) .
The problem becomes large because OpenSSL is used by 66 percent of all Internet web part to encrypt the data so that the security hole was widespread . Big names , including Gmail , Facebook , and Yahoo , are affected .
From the user side , nothing can be done to address this bug except wait for the service provider concerned to patch the gap heartbleed ( heartbeat ) , then change the password as a precaution when the old keyword has been leaked .
Well, here is a list of several popular services known to have / not have security holes heartbeat , as summarized by Mashable .
A complete list of affected service name heartbleed can be seen in a list created on April 8 . Since the list was published , some service providers have been distributing a patch to patch the vulnerabilities that exist .
In addition to seeing the list , to check whether a site or service is affected by heartbleed or not , Internet users can use a tool from Last Pass .
Is the name of the site affected by the heartbeat Is there a patch Should change the password
Facebook Yes Yes Yes
LinkedIn No No No
Twitter is not yet known Not yet known Not yet known
Tumblr Yes Yes Yes
Apple Not yet known Not yet known Not yet known
Amazon No No No
Google Yes Yes Yes
Microsoft No No No
Yahoo Yes Yes Yes
Gmail Yes Yes Yes
Hotmail / Outlook No No No
Yahoo Mail Yes Yes Yes
Ebay is Not yet known Not yet known Not yet known
PayPal No No No
DropBox Yes Yes Yes
OkCupid Yes Yes Yes
No comments:
Post a Comment