This Giant Security Hole Could Impact A Huge Chunk Of The 'Secure' Web
Nicknamed "the Heartbleed Bug," the new security flaw enables an attacker to steal secure content and the encryption keys that protect that data, according to new reports. The Heartbleed Bug essentially does this by tricking secure servers - which handle encrypted data - into spitting out chunks of unencrypted data.
Secure servers are often used to store personal information. For example, this could include the encryption keys used to transmit your credit card number in the form of an unbreakable code when you make an online purchase.
The Heartbleed Bug is particularly detrimental because it not only allows the attacker to crack these codes and read the protected data as if it were plain text, but it enables hackers to store the encryption keys as well. Once an attacker has the keys, he or she may be able to bypass security checks in your Web browser, according to TechCrunch.
The bug specifically affects "OpenSSL" - a hub that stores encryption keys used by a very large portion of the Internet's traffic. Open source Web servers that use OpenSSL account for 66 percent of sites on the Web, according to data from Netcraft's April 2014 Web Server Study.
You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company's site, commercial site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL.
What's more, Codenomicon said it tested the bug itself to understand the severity of its effects. Here's what the company found:
We have tested some of our own services from the attacker's perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able to steal from ourselves the secret keys used for our X.509 certificates [a standard cryptographic key], user names and passwords, instant messages, emails and business critical documents and communication.
The Heartbleed issue was originally spotted by Neel Mehta of Google Security and the team at Codenomicon. OpenSSL has since issued an emergency software update to address the bug.