Heartbleed Hack Attack

NHateioanarl tbleed Hack Attack

Every year, Canadians file their income tax returns with the Canada Revenue Agency (CRA). They share highly personal information: social insurance numbers, income, birthdates and addresses. Most people file electronically. They send this sensitive data to a secure website that encrypts it and safely transmits it to the CRA.

Or so they think. The CRA website, along with millions of others, has been vulnerable to hackers for over two years. The reason? An Internet bug called Heartbleed.

Global security

breach

Heartbleed is a tiny coding error in the OpenSSL security software used by two-thirds of the Internet. Digital security expert Bruce Schneier called the software flaw "catastrophic."

"It allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users. On a scale of one to ten, it's an eleven," he said.

Heartbleed exposed millions of passwords, half a million websites and hundreds of thousands of servers to cyberspies and criminals.

What took so long?

The online security community found out about Heartbleed on April 7. From April 8 to 13, the CRA shut down public portions of its website to patch the hole. Then, on April 14, Canadians learned the worst. Over a sixhour period, a computer hacker had stolen 900 social insurance numbers (SINs).

How Heartbleed Works

OpenSSL software allows computers to safely and securely trade information.

How does it work? The software sends out a small pulse of encrypted data called a heartbeat. With each beat, a tiny chunk of memory content can leak out. The Heartbleed flaw allowed hackers to access the leaks to find and expose usernames and passwords ? and even to break the OpenSSL code wide open. Snoopers read the data as it moved between computers, so they left no trace of their activity.

Most sites have already plugged the hole with a patch, but the damage is done. It prompted one Internet security expert to say, "I would change every password everywhere."

Definitions

Coding: the symbolic arrangement of data or instructions in a computer

Encrypts: converts from a regular language into a code as a way of keeping secrets

2013/2014: Issue 8 Wh at in the world? ? Le vel 1

Page 3

NHateioanarl tbleed Hack Attack

Every year, Canadians file their income tax returns with the Canada Revenue Agency (CRA). They share highly personal information: social insurance numbers, income, birthdates and addresses. Most people file electronically. They send this sensitive data to a secure website that encrypts it and safely transmits it to the CRA.

Or so they think. The CRA website, along with millions of others, has been vulnerable to hackers for over two years. The reason? An Internet bug called Heartbleed.

Global security

breach

Heartbleed is a tiny coding error in the OpenSSL security software used by two-thirds of the Internet. Digital security expert Bruce Schneier called the software flaw "catastrophic."

"It allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users. On a scale of one to ten, it's an eleven," he said.

Heartbleed exposed millions of passwords, half a million websites and hundreds of thousands of servers to cyberspies and criminals.

What took so long?

The online security community found out about Heartbleed on April 7. From April 8 to 13, the CRA shut down public portions of its website to patch the hole. Then, on April 14, Canadians learned the worst. Over a sixhour period, a computer hacker had stolen 900 social insurance numbers (SINs).

How Heartbleed Works

OpenSSL software allows computers to safely and securely trade information.

How does it work? The software sends out a small pulse of encrypted data called a heartbeat. With each beat, a tiny chunk of memory content can leak out. The Heartbleed flaw allowed hackers to access the leaks to find and expose usernames and passwords ? and even to break the OpenSSL code wide open. Snoopers read the data as it moved between computers, so they left no trace of their activity.

Most sites have already plugged the hole with a patch, but the damage is done. It prompted one Internet security expert to say, "I would change every password everywhere."

Definitions

Coding: the symbolic arrangement of data or instructions in a computer

Encrypts: converts from a regular language into a code as a way of keeping secrets

2013/2014: Issue 8 Wh at in the world? ? Le vel 1

Page 3

NHateioanarl tbleed Hack Attack

Every year, Canadians file their income tax returns with the Canada Revenue Agency (CRA). They share highly personal information: social insurance numbers, income, birthdates and addresses. Most people file electronically. They send this sensitive data to a secure website that encrypts it and safely transmits it to the CRA.

Or so they think. The CRA website, along with millions of others, has been vulnerable to hackers for over two years. The reason? An Internet bug called Heartbleed.

Global security

breach

Heartbleed is a tiny coding error in the OpenSSL security software used by two-thirds of the Internet. Digital security expert Bruce Schneier called the software flaw "catastrophic."

"It allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users. On a scale of one to ten, it's an eleven," he said.

Heartbleed exposed millions of passwords, half a million websites and hundreds of thousands of servers to cyberspies and criminals.

What took so long?

The online security community found out about Heartbleed on April 7. From April 8 to 13, the CRA shut down public portions of its website to patch the hole. Then, on April 14, Canadians learned the worst. Over a sixhour period, a computer hacker had stolen 900 social insurance numbers (SINs).

How Heartbleed Works

OpenSSL software allows computers to safely and securely trade information.

How does it work? The software sends out a small pulse of encrypted data called a heartbeat. With each beat, a tiny chunk of memory content can leak out. The Heartbleed flaw allowed hackers to access the leaks to find and expose usernames and passwords ? and even to break the OpenSSL code wide open. Snoopers read the data as it moved between computers, so they left no trace of their activity.

Most sites have already plugged the hole with a patch, but the damage is done. It prompted one Internet security expert to say, "I would change every password everywhere."

Definitions

Coding: the symbolic arrangement of data or instructions in a computer

Encrypts: converts from a regular language into a code as a way of keeping secrets

2013/2014: Issue 8 Wh at in the world? ? Le vel 1

Page 3

NHateioanarl tbleed Hack Attack

Every year, Canadians file their income tax returns with the Canada Revenue Agency (CRA). They share highly personal information: social insurance numbers, income, birthdates and addresses. Most people file electronically. They send this sensitive data to a secure website that encrypts it and safely transmits it to the CRA.

Or so they think. The CRA website, along with millions of others, has been vulnerable to hackers for over two years. The reason? An Internet bug called Heartbleed.

Global security

breach

Heartbleed is a tiny coding error in the OpenSSL security software used by two-thirds of the Internet. Digital security expert Bruce Schneier called the software flaw "catastrophic."

"It allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users. On a scale of one to ten, it's an eleven," he said.

Heartbleed exposed millions of passwords, half a million websites and hundreds of thousands of servers to cyberspies and criminals.

What took so long?

The online security community found out about Heartbleed on April 7. From April 8 to 13, the CRA shut down public portions of its website to patch the hole. Then, on April 14, Canadians learned the worst. Over a sixhour period, a computer hacker had stolen 900 social insurance numbers (SINs).

How Heartbleed Works

OpenSSL software allows computers to safely and securely trade information.

How does it work? The software sends out a small pulse of encrypted data called a heartbeat. With each beat, a tiny chunk of memory content can leak out. The Heartbleed flaw allowed hackers to access the leaks to find and expose usernames and passwords ? and even to break the OpenSSL code wide open. Snoopers read the data as it moved between computers, so they left no trace of their activity.

Most sites have already plugged the hole with a patch, but the damage is done. It prompted one Internet security expert to say, "I would change every password everywhere."

Definitions

Coding: the symbolic arrangement of data or instructions in a computer

Encrypts: converts from a regular language into a code as a way of keeping secrets

2013/2014: Issue 8 Wh at in the world? ? Le vel 1

Page 3

NHateioanarl tbleed Hack Attack

Every year, Canadians file their income tax returns with the Canada Revenue Agency (CRA). They share highly personal information: social insurance numbers, income, birthdates and addresses. Most people file electronically. They send this sensitive data to a secure website that encrypts it and safely transmits it to the CRA.

Or so they think. The CRA website, along with millions of others, has been vulnerable to hackers for over two years. The reason? An Internet bug called Heartbleed.

Global security

breach

Heartbleed is a tiny coding error in the OpenSSL security software used by two-thirds of the Internet. Digital security expert Bruce Schneier called the software flaw "catastrophic."

"It allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users. On a scale of one to ten, it's an eleven," he said.

Heartbleed exposed millions of passwords, half a million websites and hundreds of thousands of servers to cyberspies and criminals.

What took so long?

The online security community found out about Heartbleed on April 7. From April 8 to 13, the CRA shut down public portions of its website to patch the hole. Then, on April 14, Canadians learned the worst. Over a sixhour period, a computer hacker had stolen 900 social insurance numbers (SINs).

How Heartbleed Works

OpenSSL software allows computers to safely and securely trade information.

How does it work? The software sends out a small pulse of encrypted data called a heartbeat. With each beat, a tiny chunk of memory content can leak out. The Heartbleed flaw allowed hackers to access the leaks to find and expose usernames and passwords ? and even to break the OpenSSL code wide open. Snoopers read the data as it moved between computers, so they left no trace of their activity.

Most sites have already plugged the hole with a patch, but the damage is done. It prompted one Internet security expert to say, "I would change every password everywhere."

Definitions

Coding: the symbolic arrangement of data or instructions in a computer

Encrypts: converts from a regular language into a code as a way of keeping secrets

2013/2014: Issue 8 Wh at in the world? ? Le vel 1

Page 3

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download