Beware Heartbleed, websites warned

Watchdog urges S'pore site owners to patch systems against deadly bug
The Straits Times - April 11, 2014
By: Irene Tham, Technology Correspondent

SINGAPORE'S national information watchdog has issued local websites a stark warning about a newly found bug that allows snoopers to enter sites to steal confidential data like passwords.

Named Heartbleed, the bug has potentially opened the door for attackers to two-thirds of the world's websites.

The Singapore Computer Emergency Response Team said on its website that a "serious bug" had been discovered "which could lead to unauthorised access to confidential data".

The unit of technology regulator Infocomm Development Authority (IDA) of Singapore urged website owners to patch their systems to prevent theft of their information.

The IDA told The Straits Times yesterday no government websites and systems have been attacked.

Its spokesman added: "Government agencies have been informed to adopt all necessary security measures for their websites and e-services. This includes the checking and fixing of vulnerabilities and software patching, where applicable."

The bug, which has been lurking undetected for more than two years, is found in a computer code called OpenSSL.

This code is designed to put data on websites under lock and key. But at least 500,000 servers are reportedly exposed, including those of hosted e-mail service provider Yahoo.

Heartbleed lets an attacker pull any data from a server's working memory. The server's encryption keys could be stolen and used to unlock highly sensitive information, making Web transactions unsafe.

Security experts could not ascertain if any damage has been done, but said organisations around the world are scrambling to fix the worst Internet bug yet.

"OpenSSL is like the foundation of modern-day encryption, thus making the scope of this vulnerability very wide indeed," said Mr David Siah, country manager for security software firm Trend Micro Singapore.

Hackers may have exploited the weakness in thousands of websites. "It does not leave any trace in system log files," said Mr Ari Takanen, chief technology and research officer at Finnish security firm Codenomicon, which helped uncover the bug.

Organisations are advised to patch the vulnerable software and change the encryption keys for securing stored data.

They should also notify customers of any patching and get them to change their passwords as these might have been stolen, said Mr Chai Chin Loon, chief operating officer of security hardware firm Assurity Trusted Solutions, an IDA subsidiary.

A Yahoo spokesman said it recently patched its system, but declined to say if it notified users.

Meanwhile, most bank users here appear unaffected. DBS and OCBC said they do not use OpenSSL, while UOB said it is not affected. Citibank has checked and has "no reason to believe our customer-facing websites are susceptible to this vulnerability", said its spokesman.

