CNN: Alleged Heartbleed hacker nabbed
UPDATED: 5:47 p.m.
According to CNN, Canadian mounties have arrested a teenager who, they say, used the Heartbleed Internet bug to hack into the county’s tax agency.
Shortly after the Internet bug was revealed to the world last week, the Canada Revenue Agency suffered a data breach that leaked the Social Insurance Numbers of about 900 taxpayers. The agency was forced to shut down its website temporarily to prevent further theft of sensitive personal information.
On Wednesday, the Royal Canadian Mounted Police said it arrested 19-year-old Stephen Arthuro Solis-Reyes at his London, Ontario home a day earlier.
During the police raid, agents seized computer equipment as evidence.
Solis-Reyes now faces two counts of computer-related crimes.
He is scheduled to appear in an Ottawa courtroom on Thursday.
Security researchers have uncovered a fatal flaw in a key safety feature for surfing the web — the one that keeps your email, banking, shopping, passwords and communications private.
What is it you ask?
It’s called Heartbleed bug, and it is essentially and information leak.
It starts with a hole in the software that the vast majority of websites on the internet use to turn your personal information into strings and random numbers and letters.
If you see a padlock image in the address bar, there’s a good chance that site is using the encryption software that was impacted by Heartbleed bug.
For more than two years now, Heartbleed has allowed outsiders to peek into the personal information that was supposed to be protected from snoopers.
The bug allows potential hackers to take advantage of a feature that computers use to see if they’re still online, known as a “heartbeat extension.” But a malicious heartbeat signal could force a computer to divulge secret information stored in its memory.
At the very least, Heartbleed exposes your usernames and passwords.
Most major websites are targets, because they rely on this program.
Many popular sites, including Amazon , Google, Yahoo, and OKCupid, use those encryption tools. Those four sites have updated their websites with a fix for the bug, but many others have not patched their sites yet.
Keep in mind, the service is not 100% reliable.