U.S.

'Heartbleed Bug': Here's Why Changing Passwords To Protect Yourself Is Of No Use, Websites Need To Step Up

By

Have you been spending all your time trying to change each one of your passwords due to the threat of the "Heartbleed" bug? You might re-think wasting your time.

The bug that has threatened to expose data to hackers cannot be protected against by Internet users until vulnerable websites upgrade their software, Reuters reported.

Running a widely used Web encryption program known as OpenSSL that makes Web servers vulnerable to the theft of data, including passwords, confidential communications and credit card numbers, hacking groups have conducted automated scans of the Internet in search of these servers, security experts warned.

Even though about two-thirds of all Web servers use OpenSSL, the issue has gone undetected for about two years.

"Kurt Baumgartner, a researcher with security software maker Kaspersky Lab, said his firm uncovered evidence on Monday that a few hacking groups believed to be involved in state-sponsored cyber espionage were running such scans shortly after news of the bug first surfaced the same day," Reuters reported.

Reuters added, "By Tuesday, Kaspersky had identified such scans coming from 'tens' of actors, and the number increased on Wednesday after security software company Rapid7 released a free tool for conducting such scans."

"The problem is insidious," Baumgartner said. "Now it is amateur hour. Everybody is doing it."

Servers that host websites are the only ones that use Open SSL software. Since the bug exposes passwords and other data entered on those devices to hackers, it must be fixed by website operators.

Devices such as PCs or mobiles don't need to worry about this threat.

"There is nothing users can do to fix their computers," said Mikko Hypponen, chief research officer with security software maker F-Secure.

Measures have been taken to mitigate the impact of the bug on users, representatives for Facebook Inc., Google and Yahoo Inc. told Reuters

Google spokeswoman Dorothy Chou told Reuters, "We fixed this bug early and Google users do not need to change their passwords."

Ty Rogers, a spokesman for Amazon.com Inc., said, "Amazon.com is not affected."

© 2025 HNGN, All rights reserved. Do not reproduce without permission.
Most Read
The cargo ship Vezhen is anchored outside Karlskrona for examination by Swedish authorities

Norway Seizes Russian-crewed Ship Over Suspected Cable Damage

DC Plane crash
DC Plane Crash: 'A Mistake Was Made' In Deadly Midair Collision, Hegseth Says
Momika, who repeatedly burnt the Koran in 2023 in Sweden, sparking outrage in Muslim countries
Koran Burner Shot Dead In Sweden, Five Arrested
US-CRIME-SHOOTING
Philadelphia Plane Crash: Medical Jet Was Carrying 6 People
President Ferdinand Marcos says his government will remove a US missile system from the Philippines if Beijing ends its 'coercive behaviour' in the contested South China Sea
Philippines To Remove US Missile System If China Ends 'Coercive Behavior'
Editor's Pick
OpenAI CEO Sam Altman fired off a social media post saying 'There is no wall' as fears arise over potential blockages to AI development
AI

Is AI's Meteoric Rise Beginning To Slow?

More than 800 million people are now diabetic, compared to less than 200 million in 1990, researchers say
Health

Global Diabetes Rate Has Doubled In Last 30 Years: Study

Rising temperatures due to global warming has led to mass bleaching events striking coral across the world
World

Nearly Half Of Tropical Coral Species Face Extinction: Report

A record 120 million people already live forcibly displaced by war, such as this camp in Syria
World

Climate Crisis Worsening Already 'Hellish' Refugee Situation: UN

Real Time Analytics