Hackers from China waste little time in exploiting Heartbleed

[InfoSec News <alerts () infosecnews org>]

http://www.theage.com.au/it-pro/security-it/hackers-from-china-waste-little-time-in-exploiting-heartbleed-20140416-zqvkd.html

By Jordan Robertson
The Age - ITPro
April 16, 2014

For those who don't feel the urgency to install the latest security fixes 
for their computers or change passwords, take note: Just a day after 
Heartbleed was revealed, attacks from a computer in China were launched.

The software bug, which affects a widely used form of encryption called 
OpenSSL, was announced to the world on Tuesday, April 8 at 3:27am Sydney 
time, according to a timeline pieced together by Fairfax Media. That sent 
companies scrambling to fix their computer systems - and for good reason.

At 10.00 am on Wednesday, a computer in China that was previously used for 
hacking and other malicious activities tried to attack a server at the 
University of Michigan, said J. Alex Halderman, an assistant professor of 
electrical engineering and computer science. The university's computer was 
a "honeypot", which was intentionally left vulnerable and designed to 
attract attacks so researchers could study them.

The hackers' fast turnaround highlights how quickly the digital underworld 
is in taking advantage of newly disclosed software vulnerabilities. So 
far, 41 attempts to exploit the Heartbleed hole have been made on three 
honeypots operated by Halderman and his research team. About half have 
come from China. The attacks could include some attempts by other 
researchers trying to assess the impact of the bug.

[...]



--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/