The team that discovered Heartbleed has found another 'high severity' security flaw affecting the internet


Researchers think they've found another potentially big hole in the secure web.

A team of developers responsible for supporting a commonly used encryption protocol known as OpenSSL has uncovered a mysterious new "high severity" vulnerability.


OpenSSL is a security protocol used by open source web servers such as Apache and Nginx - which host around 66% of all the world's sites.

The backend technology hit the headlines in 2014 when a massive security flaw, codenamed Heartbleed, was uncovered.


The flaw was dangerous as it could be exploited by hackers to steal data, even if it was encrypted, from sites and services using OpenSSL.

The nature of the new OpenSSL flaw remains unknown, though the high severity ranking given to it by the project has caused concerns.


The OpenSSL project classifies high severity bugs as "issues affecting common configurations which are also likely to be exploitable [hackable]. Examples include a server denial-of-service, a significant leak of server memory, and remote code execution."

In non-technical language, this means the bug could be used for a range of purposes by hackers, varying from basic nuisance attacks that knock websites and services using OpenSSL offline, to installing malware on victim systems.

Further details about the vulnerability remain unknown, as OpenSSL doesn't want to provide hackers with information they could use to exploit the flaw ahead of its July 9 fix.

This isn't the first major fix released by the OpenSSL Project since Heartbleed. In May, the project released another security update patching 14 vulnerabilities, two of which were also high severity.

The news follows hostility from US and UK government departments to secure services like OpenSSL.


Earlier in June, James Comey, director of the Federal Bureau of Investigation (FBI), claimed law enforcement and intelligence agencies need ways to read encrypted traffic if they hope to combat terrorism and crime.
