This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.theguardian.com/world/2014/apr/08/software-security-flaw-could-expose-australians-personal-and-financial-data
The article has changed 3 times.
Version 1 | Version 2 |
---|---|
Software security flaw could expose Australians' personal and financial data | Software security flaw could expose Australians' personal and financial data |
(about 20 hours later) | |
The personal and financial details of thousands of Australians held by companies and government departments could be leaked after the discovery of a security flaw in a widely used encryption service. | The personal and financial details of thousands of Australians held by companies and government departments could be leaked after the discovery of a security flaw in a widely used encryption service. |
OpenSSL, which runs an encryption service used by millions of websites in Australia and across the world, urged customers to update their software after the weakness dubbed the “heartbleed bug” was found. | OpenSSL, which runs an encryption service used by millions of websites in Australia and across the world, urged customers to update their software after the weakness dubbed the “heartbleed bug” was found. |
A website has been created that explains the impact of the bug, which was discovered by Neel Mehta, from Google security. The site says usernames and passwords from instant message and email services could be compromised. | A website has been created that explains the impact of the bug, which was discovered by Neel Mehta, from Google security. The site says usernames and passwords from instant message and email services could be compromised. |
“The heartbleed bug allows anyone on the internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software,” the website says. | “The heartbleed bug allows anyone on the internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software,” the website says. |
“This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. | “This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. |
“This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.” | “This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.” |
OpenSSL is used by several federal government departments to secure their sites. | OpenSSL is used by several federal government departments to secure their sites. |
Guardian Australia contacted the departments of Immigration and Border Protection, Human Services and Health – all agencies that hold sensitive personal information – to ask whether they had been affected by the bug and what was being done to update software. | |
A spokeswoman for the Department of Human Services said: “The Department of Human Services does not use OpenSSL for any of its internal systems.” | |
“The department does provide software underpinned by OpenSSL to health professionals for secure communications with Medicare. However none of the versions of OpenSSL identified as being compromised are currently distributed by the department.” | |
The Department of Immigration and Border Protection and Department of Health did not respond by deadline. | |