years, due to a flaw in software used to encrypt and transmit personal data.

因為用來加密傳輸個人資料的軟體被發現存在漏洞。

Shin Se-min reports.

以下為申世民的報導。

Millions of passwords, credit card numbers and other sensitive information may be at

數百萬組密碼、信用卡卡號和其他機密數據恐

risk from "Heartbleed," a security bug in an obscure kind of software.

已遭受"Heartbleed"的魔爪 － 一項安全漏洞存在於一種鮮為人知的軟體。

The bug was accidentally added to software called OpenSSL that sets up an encrypted data

該程式臭蟲被意外加入稱為OpenSSL的軟體，此軟體

channel between computer users and a website's remote server.

為電腦用戶和網站遠端伺服器間設置了一個加密數據通道。

A small padlock icon appears on websites using OpenSSL to reassure users, but the so-called

使用OpenSSL保障用戶的網站會顯示一個小鎖的圖樣，但所謂的

"Heartbleed" loophole could have left it open to exploitation by hackers.

"Heartbleed"漏洞反而讓它可能被駭客利用。

A Finnish online security firm and Google Security, who disclosed the threat, say the

發現此威脅的是一間位於芬蘭的網路安全公司和谷歌安全部門，他們表示

glitch went undetected for at least two years. Security experts are advising the public to

這項問題已持續至少兩年未被發現。網路安全專家建議民眾

upgrade their own security practices and change all their passwords.

更新安全防護措施並更改所有密碼。

Experts fear hackers may have already been exploiting the problem before its discovery.

專家擔心駭客可能在問題被發現前已利用了這項漏洞。

The Canadian Revenue Agency even shut off all its access to its online tax services,

加拿大國稅局甚至關閉了所有線上稅務服務，

because the "Heartbleed" bug has made data on major websites vulnerable.

因為"Heartbleed"漏洞已讓各大網站資料缺乏保障。

Fortunately, most major Web services such as Google, Yahoo, Facebook and large banks

幸運的是，多數重要網路服務如谷歌、雅虎、臉書和大型銀行

say they have already applied fixes to the affected servers and services.

宣布，他們已修復受影響的伺服器和網路服務。

However, it could be days or weeks before smaller websites that rely on OpenSSL fix

然而，使用OpenSSL的小型網站可能需要數天或數週的時間才能修正

the issue. Because a "Heartbleed" attack leaves no trace

錯誤。因為"Heartbleed"攻擊不會留下痕跡，

behind, and the potential damage is significant, websites that use OpenSSL are advised to act

且可能造成重大損失，使用OpenSSL的網站建議應

as though they've been compromised. The extent of damage from the bug remains

假設已遭入侵進行修補程序。這項漏洞造成的損害程度尚未

unknown. Shin Se-min, Arirang News.

明朗。申世民，阿里郎新聞。