OpenSSL exposure data is difficult to be massively stolen

Source: Internet
Author: User
Keywords Hacker HTTP security if
Tags abstract data hacker hackers http https information it is
Abstract: A foreign hacker's explosion, a serious impact on Windows XP to stop the official support message. April 7, a foreign hacker announced the OpenSSL loophole known as Heartbleed. This vulnerability exists in the OpenSSL v1.0.1--1.0.1f version, if the user uses the

A foreign hacker's explosion has seriously impacted the attention of Windows XP to stop official support messages. April 7, a foreign hacker announced the OpenSSL loophole known as Heartbleed. This vulnerability exists in the OpenSSL v1.0.1--1.0.1f version, if users use the HTTPS protocol to access the above version of the site, the user's account password can be detected by hackers.

SSL, full name secure Socket Layer. Netscape launched its first web browser, and introduced the SSL protocol to secure data transfers over the Internet. The use of data encryption (encryption) technology ensures that data is not intercepted and tapped during transmission over the network. OpenSSL's Heartbleed loophole was allegedly discovered in 2012, but was not officially numbered until April 7 this year.

Star Chen safety consultant Xu Tianfu to Sohu it said, the use of SSL security protocol HTTPS protocol is widely used in net silver, online payment, Electronic business site, mailbox login and other scenes. When accessing a Web site using the normal HTTP protocol, the security of the user's information is not affected by OpenSSL. Because most of the time in the financial security and privacy of the Web pages, the server will force the use of HTTPS protocol, so the recent users in the use of such pages, especially the net or online payment page needs special attention, so as to avoid the login information hackers intercepted.

It is said that because OpenSSL is deployed on the Web server side, this vulnerability is not related to the user's personal computer security. At present, the major well-known websites have been fixed this loophole.

Since hackers get less information in a given time period, there should be no "drag-and-drop" issues similar to the size of the 2011 end of the scale. Xu Tianfu suggested that if the user logged in these days using the HTTPS Protocol Web page, it is best to modify the login password in time to ensure security. If the user is not assured, you can use the online detection tool to proactively see if there is a OpenSSL Heartbleed vulnerability to the HTTPS page that will be accessed.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.