[ISN] Hackers from China waste little time in exploiting Heartbleed

http://www.theage.com.au/it-pro/security-it/hackers-from-china-waste-little-time-in-exploiting-heartbleed-20140416-zqvkd.html By Jordan Robertson The Age – ITPro April 16, 2014 For those who don’t feel the urgency to install the latest security fixes for their computers or change passwords, take note: Just a day after Heartbleed was revealed, attacks from a computer in China were launched. The software bug, which affects a widely used form of encryption called OpenSSL, was announced to the world on Tuesday, April 8 at 3:27am Sydney time, according to a timeline pieced together by Fairfax Media. That sent companies scrambling to fix their computer systems – and for good reason. At 10.00 am on Wednesday, a computer in China that was previously used for hacking and other malicious activities tried to attack a server at the University of Michigan, said J. Alex Halderman, an assistant professor of electrical engineering and computer science. The university’s computer was a “honeypot”, which was intentionally left vulnerable and designed to attract attacks so researchers could study them. The hackers’ fast turnaround highlights how quickly the digital underworld is in taking advantage of newly disclosed software vulnerabilities. So far, 41 attempts to exploit the Heartbleed hole have been made on three honeypots operated by Halderman and his research team. About half have come from China. The attacks could include some attempts by other researchers trying to assess the impact of the bug. […]