Experts recommend halting online transactions after Heartbleed bug attacks

Thanh Nien News

Email Print

RELATED NEWS

Experts recommend users in Vietnam not make any online transactions until the website is confirmed safe against the newly-discovered Heartbleed bug that can be easily used by hackers to attack websites and steal information. Photo: Ngoc Thang
Experts have recommended Vietnam all halt online money transfers after a global bug that can allow attackers to retrieve passwords was detected to have attacked at least 15 e-banking and online transaction websites in Vietnam.
“Most international experts in Internet security recommended that users should stop all online transactions until the website confirms that it is safe against the new bug,” said Nguyen Hong Phuc of the HVA Online Internet security forum.
“Users who made online transactions from April 7 should also change their passwords because they can be stolen,” he said.
Computer security specialists and website masters worldwide were worried about a newly-discovered flaw in online data-scrambling software that hackers can take advantage of.
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software, according to heartbleed.com, a website run by Finnish Internet security firm Condenomicon.
This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content, and allowing attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
Phuc said hackers have posted ways to attack websites protected by OpenSSL only a few hours after Heartbleed was announced.
“These tools allow people with basic knowledge to use it to attack any system with the flaw.”
He said a patch was supplied by international security experts on April 7 but it would take time to recover a website with the flaw.
Yahoo.com was also attacked and it took around 24 hours to fix it, he said.
According to HVA Online, Vietnamese security specialists were informed about the bug on April 7 and have found that about 15 e-banking and online payment websites in Vietnam were attacked by hackers on April 8.
By April 9, many e-banking pages had been fixed.
Earlier, HVA Online confirmed that the flaw was fixed by several websites, including 123pay, paygate and sohapay.
Experts recommended bank and online transaction websites to update to the latest version of OpenSSL software, reboot their systems and change their SSL certificates.
Nghiem Sy Thang, deputy director of LienVietPostbank confirmed with Thanh Nien that its website had not been attacked by the new bug.
“We will review the system carefully and inform customers if we find any flaw,” he said.
Vietcombank deputy director Dao Minh Tuan also said his bank was checking its online system to avoid being attacked by hackers.
Meanwhile, Nguyen Xuan Hoa, director of the BIDV IT Center, said the bank had contracted with the General Department of Security and Internet security firm BKAV for permanent protection.
“We have discovered and blocked several cases of attacks to BIDV’s OpenSSL software,” he said.
Italian cryptographer Filippo Valsorda has created the Heartbleed Test, filippo.io, which purports to tell you if websites are still compromised.

Like us on Facebook and scroll down to share your comment

More Education/Youth News