Millions of Android Devices Vulnerable to Heartbleed Bug
Last edited Mon Apr 14, 2014, 10:11 AM
Millions of smartphones and tablets running Google Inc. (GOOG)'s Android operating system have the Heartbleed software bug, in a sign of how broadly the flaw extends beyond the Internet and into consumer devices.
While Google said in a blog post on April 9 that all versions of Android are immune to the flaw, it added that the limited exception was one version dubbed 4.1.1, which was released in 2012.
Security researchers said that version of Android is still used in millions of smartphones and tablets, including popular models made by Samsung Electronics Co., HTC Corp. and other manufacturers. Google statistics show that 34 percent of Android devices use variations of the 4.1 software. The company said less than 10 percent of active devices are vulnerable. More than 900 million Android devices have been activated worldwide.
The Heartbleed vulnerability was made public earlier this week and can expose people to hacking of their passwords and other sensitive information. While a fix was simultaneously made available and quickly implemented by the majority of Internet properties that were vulnerable to the bug, there is no easy solution for Android gadgets that carry the flaw, security experts said. Even though Google has provided a patch, the company said it is up to handset makers and wireless carriers to update the devices.
http://www.bloomberg.com/news/2014-04-11/millions-of-android-devices-vulnerable-to-heartbleed-bug.html
I don't know how much you know about Heartbleed, but this is some serious shit that will affect online security forever.
If a service offers '2-Step Verification' USE IT.
Apple services, iOS and OS X, unaffected btw.
The Heartbleed Hit List: The Passwords You Need to Change Right Now
http://mashable.com/2014/04/09/heartbleed-bug-websites-affected
ananda
(28,860 posts)
.. no matter what kind of device or computer you use.
The advice is to change your pw and use all the protections the device offers.
ChromeFoundry
(3,270 posts)
At least Google doesn't try to hide flaws introduced by the use of OpenSource software. And they didn't completely drop the ball on all SSL traffic like Apple did with their GotoFail vulnerability and then try to obfuscate the threat by releasing a patch in a routine, low priority update.