A foreign hacker's explosion has seriously impacted the attention of Windows XP to stop official support messages. April 7, a foreign hacker announced the OpenSSL loophole known as Heartbleed. This vulnerability exists in the OpenSSL v1.0.1--1.0.1f version, if users use the HTTPS protocol to access the above version of the site, the user's account password can be detected by hackers.
SSL, full name secure Socket Layer. Netscape launched its first web browser, and introduced the SSL protocol to secure data transfers over the Internet. The use of data encryption (encryption) technology ensures that data is not intercepted and tapped during transmission over the network. OpenSSL's Heartbleed loophole was allegedly discovered in 2012, but was not officially numbered until April 7 this year.
Star Chen safety consultant Xu Tianfu to Sohu it said, the use of SSL security protocol HTTPS protocol is widely used in net silver, online payment, Electronic business site, mailbox login and other scenes. When accessing a Web site using the normal HTTP protocol, the security of the user's information is not affected by OpenSSL. Because most of the time in the financial security and privacy of the Web pages, the server will force the use of HTTPS protocol, so the recent users in the use of such pages, especially the net or online payment page needs special attention, so as to avoid the login information hackers intercepted.
It is said that because OpenSSL is deployed on the Web server side, this vulnerability is not related to the user's personal computer security. At present, the major well-known websites have been fixed this loophole.
Since hackers get less information in a given time period, there should be no "drag-and-drop" issues similar to the size of the 2011 end of the scale. Xu Tianfu suggested that if the user logged in these days using the HTTPS Protocol Web page, it is best to modify the login password in time to ensure security. If the user is not assured, you can use the online detection tool to proactively see if there is a OpenSSL Heartbleed vulnerability to the HTTPS page that will be accessed.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.