For those who don't feel the urgency to install the latest security fixes for their computers, take note: Just a day after Heartbleed was revealed, attacks from a computer in China were launched.
The software bug, which affects a widely used form of encryption called OpenSSL, was announced to the world April 7 at 1:27 p.m. New York time, according to the Sydney Morning Herald. That sent companies scrambling to fix their computer systems -- and for good reason.
The catastrophic Heartbleed security bug that has already bitten Yahoo Mail, the Canada Revenue Agency, and other public websites also poses a formidable threat to end-user applications and devices, including millions of Android handsets, security researchers warned.
On Monday, after seven months of discussion and planning, the first-phase of a two-part audit of TrueCrypt was released.
The results? iSEC, the company contracted to review the bootloader and Windows kernel driver for any backdoor or related security issue, concluded (PDF) that TrueCrypt has: “no evidence of backdoors or otherwise intentionally malicious code in the assessed areas.”
The National Security Agency denied that it previously knew of the Heartbleed bug, calling reports that it or any part of the U.S. government were aware before April “wrong.”
Bloomberg reported earlier Friday that the NSA knew of the bug in the widely used encryption tool called OpenSSL for at least two years and exploited it to gather intelligence. Security researchers have called Heartbleed one of the biggest flaws in the Internet’s history. Later in the day, the NSA released a statement saying the agency wasn’t aware of Heartbleed until it was made public.
On New Years Eve in 2011, at one minute before 11pm, a British computer consultant named Stephen Henson finished testing a new version of a popular piece of free security software. With a few keystrokes he released OpenSSL version 1.0.1 into the public domain. Now, more than two years later, the events of that night have shaken the foundations of the internet.