A recently discovered security bug dubbed Heartbleed has been able to expose millions of passwords, usernames and credit cards, a huge problem that computer hackers could have taken advantage of during the two years it went undetected.
This new breach is unlike the majority of others reported over the last few years, where one Internet site or another was hacked or had let its guard down.
This time the flaw is in code designed to make sure servers are secure: the tens of thousands of different servers on which information is stored for tens of thousands of websites.
Therefore, some security experts have called Heartbleed the Internet’s worst bug to date, something everyone who frequents the net or does business on it should worry about.
Codenomicon, a security company from Finland, helped discover Heartbleed and offered this chilling illustration of the danger it poses:
The company tested some of its own services from the perspective of an attacker. It attacked itself from outside without leaving a trace of the attack. Without using any privileged information or credentials, the company was able to steal from itself the secret keys used for X.509 certificates, passwords and usernames, emails, instant messages, and business-critical documents and communication.
While businesses were scrambling to fix the problem this week, no one seemed to understand whether any damage had actually been done.
The bug was discovered in a form of software known as OpenSSL. This software is used to encrypt sensitive information on servers to protect people's privacy. As many as 500,000 servers were said to be vulnerable.
One cryptographer said that users should be worried, since a great deal of security infrastructure relies on OpenSSL.
This includes many websites used to store personal information, and for good or bad, the industry's reliance on OpenSSL is increasing.
Through the security flaw, an attacker is able to read the contents of the server’s memory, where private data is stored.
A fix has been circulated; however, it is unclear how widely and quickly it will be implemented.