Web Security in Suspicion after Detection of ‘Heartbleed’ Flaw

Millions of websites, social networks and online stores were on stake when operating with a major security flaw, exposing user’s personal and financial info to hackers.

Monday afternoon, the entire IT world got a wakeup call, when an emergency security advisory from the OpenSSL warns about an open and dangerous bug ‘Heartbleed’. The security flaw could be used to grab a portion of working memory from any server. There was an emergency patch, but in the meanwhile, many servers were exposed.

A flaw known as ‘Heartbleed’ Bug could allow attackers to gain access to even highly sensitive and protected information, including usernames, passwords, credit card numbers, and other important data. Computer security researchers and web administrators on Tuesday crawled to fix a serious vulnerability in OpenSSL encryption.

In simple words cyber criminals or hackers can use the Bug to steal your private encryption keys from server running on OpenSSL protocols. According to reports, the servers of Flickr, Imgur and Yahoo have been affected. This is around two-year-old flaw and hence no one have any idea about how many servers have been compromised and how many people have exploited.

Heartbleed.com reads, “Operating system vendors and distribution, independent software and appliance vendors have to fix as well as notify their users. Service providers and users have to install the fix as it becomes available for software, networked appliances and operating systems they use.”

The problem was discovered by a team of researchers from Codenomicon and Google Security. Their research found Yahoo, Twitter, Steam, Tumblr, GitHub, PostFinance, HypoVereinsbank, Commonwealth Bank of Australia and Regents bank are all affected by the bug. Apple, Microsoft and Google seem to be unaffected.

The researchers said that your popular social site, commerce site, hobby site, company’s site might using vulnerable OpenSSL.


Tags:, , ,