A major new security vulnerability referred to as Heartbleed was disclosed late Monday night with severe implications for the entire Web. Hundreds of thousands of web and email servers worldwide could easily have this software flaw that lets attackers steal the cryptographic keys used to secure online commerce and web connections.
The Heartbleed bug could also leak personal information to hackers when people carry out mundane everyday activities like searches or checking email. What makes the bug so highly potent is the fact that it has been discovered in one of the most widely used web–platforms OpenSSL. Some of the recent discoveries of the vulnerability were identified in OKCupid, Eventbrite, and the FBI's website, all of which run affected versions of OpenSSL. It's an extremely serious issue which has already affected some 500,000 servers, according to Netcraft, an Internet research firm.
The bug was discovered jointly researchers at Google Inc. and a small security firm Codenomicon. The severity of the bug is so serious that the U.S. government`s Department of Homeland Security has issued an advisory to businesses on Tuesday to review their servers to see if they were using vulnerable versions a type of OpenSSL.
Fortunately, updates for patching the vulnerability are already available on the OpenSSL website, but unless they are applied from within the server mainframe, websites and the data housed on the servers are said to be still quite vulnerable to theft.
Heartbleed bug is so powerful, it exposes the most sensitive components of data, revealed Michael Coates, Director of Product Security for Shape Security, "If a website is vulnerable I could see things like your password, banking information and healthcare data, which you were under the impression you were sending securely to your website." Powerful tech companies' websites like that of Yahoo too are susceptible proved Mark Loman, who was able to extract data from Yahoo Mail servers by using a free tool that ran on the Heartbleed backbone.
SSL or Secure Sockets Layer is the most common technology used to secure websites. Web servers that use it can securely send an encryption key to the visitor; that is then used to protect all other information coming to and from the server. In short, a valid SSL encryption was hereto assumed to offer a very secure pathway for communication between user and the server. SSL is crucial in protecting services like online shopping or banking from eavesdropping, as it renders users immune to so-called man–in–the–middle attacks, where a third party intercepts both streams of traffic and uses them to discover confidential information, reported The Guardian.
One of the biggest discoveries, Heartbleed is sure to cause a flurry of activity. However, users are cautioned to keep a close watch on their bank accounts for suspicious activities, advises CNET.
[Image Credit | Epoch Times]