More to Heartbleed virus that you need to know about: Handshake Bug


Computers and Web servers initiate secure conversations with one another in a process known as a “handshake.” But this week, security researchers discovered a flaw in the way they shake hands. The bug allows a hacker operating between you and a website — say, connected to the same public Wi-Fi network — to snoop in on your Internet session.

Here’s the good news: The handshake bug isn’t as devastating as Heartbleed. The only major browsers it affects are for Google’s Android mobile operating system. And for a hacker to exploit the bug, you and the website must both be running vulnerable versions of the encrypting software, known as OpenSSL.

But it’s yet another wake-up call that your Internet security relies on a few volunteers. The OpenSSL Foundation is a tiny team of computer programmers that only recently started getting additional financial support from many companies that rely on this software. The Linux Foundation said OpenSSL has received about half of the $5.4 million that companies have donated so far to the Core Infrastructure Initiative, an effort to better secure the Internet.

In fact, many security researchers say the only reason we spotted the handshake bug is that, post-Heartbleed, more volunteers are combing through the OpenSSL computer code. The world can thank Masashi Kikuchi, a software security expert at the small Japanese consulting firm Lepidum, who decided to look through the code himself.

The bug has been fixed, and now it’s up to Web browser makers and website servers to update their systems. According to Adam Langley, a senior researcher at Google, these Web browsers are safe:

Internet Explorer, Firefox, Chrome (for desktop, iOS), Safari

According to Qualys engineering director Ivan Ristic, these browsers are vulnerable:

Android, Chrome (for Android)

“We shouldn’t be surprised that there are more flaws in OpenSSL,” said Jean Taggart, a researcher at antivirus maker Malwarebytes. “Security is a process, not a product.”

And if you’re still worried about the handshake bug? Keep yourself clean. Don’t use strangers’ Wi-Fi.
