Security researchers have found new bugs in the Web encryption software that caused the malicious “Heartbleed” cyber threat. Experts say that the new vulnerabilities in OpenSSL, would allow hackers to spy on communications, is not as serious a threat as "Heartbleed."
The new bugs were discovered by the group which released an OpenSSL update that contains seven security fixes. Experts say that websites and technology firms that use OpenSSL technology should install the update on their systems as quickly as possible, but first the companies need to test their systems to make sure that they are compatible with the update.
"They are going to have to patch. This will take some time," said Lee Weiner, senior vice president with cyber security software maker Rapid7.
OpenSSL technology is used by major tech giants including Amazon.com Inc, Yahoo Inc, Facebook Inc and Google Inc. Thousands of technology products from companies, including Cisco Systems Inc, HP, IBM, Intel Corp and Oracle Corp also use the OpenSSL technology.
The "Heartbleed" bug surfaced in April and was used by cyber hackers to steal large quantities of data without leaving a trace. The bug allows attackers to gain access to users passwords and fool them by using fake versions of websites. A recent report from Portuguese security researcher Luis Grangeia says that the heartbleed bug is being used over Wi-Fi to enable new kinds of attacks. The new line of attack called Cupid attacks Android devices running v4.1.
Source: Reuters