Press-Republican

FYI...

April 17, 2014

Millions of Android phones, tablets vulnerable to Heartbleed bug

(Continued)

SAN FRANCISCO —

It's unclear whether other mobile devices are vulnerable. Apple Inc. and Microsoft Corp. didn't respond to messages for comment.

The Heartbleed bug, which was discovered by researchers from Google and a Finnish company called Codenomicon, affects OpenSSL, a type of open-source encryption used by as many as 66 percent of all active Internet sites. The bug, which lets hackers silently extract data from computers' memory, and a fix for it were announced simultaneously on April 7.

The reach of the vulnerability continues to widen as Cisco Systems Inc. and Juniper Networks Inc. said yesterday that some of their networking-gear products are affected and will be patched. The Canadian government has ordered websites operated by the federal government that use the vulnerable version of OpenSSL to be taken offline until they can be fixed.

The vast majority of large companies protected their systems immediately and the push is now on to make smaller companies do the same, said Robert Hansen, a specialist in Web application security and vice president of the advanced technologies group of WhiteHat Security Inc.

Hackers have been detected scanning the Internet looking for vulnerable servers, especially in traffic coming from China, though it's difficult to know how many have been successful, said Jaime Blasco, director of AlienVault Labs, part of AlienVault. Many attempts have hit dead ends, Blasco said.

More than 80 percent of people running Android 4.1.1 who have shared data with mobile security firm Lookout Inc. are affected, said Marc Rogers, principal security researcher at the San Francisco-based company. Users in Germany are nearly five times as likely as those in the U.S. to be affected, probably because there is a device that uses that version of Android that is popular there, Rogers wrote in an email.

Still, there are no signs that hackers are trying to attack Android devices through the vulnerability as it would be complicated to set up and the success rate would be low, Rogers said. Individual devices are less attractive to go after because they need to be targeted one by one, he said.

"Given that the server attack affects such a larger number of devices and is so much easier to carry out, we don't expect to see any attacks against devices until after the server attacks have been completely exhausted," Rogers wrote in an email.

 

Text Only | Photo Reprints
FYI...
  • 20110929_bowling.jpg Why fewer people go bowling

    Like other industries facing tough economic times, America's bowling centers are trying to reinvent themselves.

    July 30, 2014 1 Photo

  • mama.jpg What we get wrong about millennials living at home

    If the media is to be believed, America is facing a major crisis. "Kids," some age 25, 26, or even 30 years old, are living out of their childhood bedrooms and basements at alarmingly high numbers. The hand-wringing overlooks one problem: It's all overblown.

    July 29, 2014 1 Photo

  • Your chocolate addiction is only going to get more expensive

    For nearly two years, cocoa prices have been on the rise. Finally, that's affecting the price you pay for a bar of chocolate - and there's reason to believe it's only the beginning.

    July 28, 2014

  • Facebook tests button to let people shop from its website

    Members on desktop computers or mobile devices can click a "buy" button to make purchases through advertisements or other posts on the world's largest social network, the Menlo Park, California-based company said Thursday in a blog post.

    July 27, 2014

  • Wal-Mart to cut prices more aggressively in back-to-school push

    Wal-Mart Stores plans to cut prices more aggressively during this year's back-to-school season and will add inventory to its online store as the chain battles retailers for student spending.

    July 26, 2014

  • An oncologist uses scorpion venom to locate cancer cells

    Olson, a pediatric oncologist and research scientist in Seattle, has developed a compound he calls Tumor Paint. When injected into a cancer patient, it seems to light up all the malignant cells so surgeons can easily locate and excise them.

    July 25, 2014

  • An alternative diagnosis to ADHD: Schoolchildren need more time to move

    The Centers for Disease Control and Prevention tells us that in recent years, there has been a jump in the percentage of young people diagnosed with attention deficit and hyperactivity disorder, commonly known as ADHD: 7.8 percent in 2003 to 9.5 percent in 2007 to 11 percent in 2011.

    July 24, 2014

  • Hospitals let patients schedule ER visits

    Three times within a week, 34-year-old Michael Granillo went to the emergency room at Northridge Hospital Medical Center in Los Angeles because of intense back pain. Each time, Granillo, who didn't have insurance, stayed for less than an hour before leaving without being seen by a doctor.

    July 23, 2014

  • Why it's basically impossible to delete those naked selfies you text

    If you're selling an old Android smartphone on an online auction site, you could be giving away rather more than you intend to, according to a recent investigation by anti-malware company Avast.

    July 21, 2014

  • Why does the Vatican need a bank?

    The Vatican Bank's history reads more like Dan Brown than the financial pages, but its worst -- and weirdest -- days may be behind it.

    July 18, 2014