Heartbleed flaw described as 'catastrophic' by experts: 'On the scale of 1 to 10, this is an 11'

Damage from the recently discovered flaw is impossible to assess, although most major companies have already secured their websites

A software bug that has gone unnoticed for two years has exposed sensitive data in as many as two out of every three web servers, say researchers.

The ‘heartbleed’ bug is a flaw in the widely-used web encryption software known as OpenSSL. Google, Facebook and Yahoo are some of the major companies that use SSL technology – most recognisable to users as the padlock that appears in the address bar of your browser.

Bruce Schneier, a security expert who has been covering the industry for years, described the flaw as 'catastrophic': "On the scale of 1 to 10, this is an 11," wrote Schneier in a blog post.

Since the flaw was discovered by researchers from Google and Finnish security group Codenomicon, webmasters have scrambled to update their software and protect users’ data, although some researchers warn that it is already too late.

The bug allowed attackers to pull random chunks of information from the memory of a server, meaning that everything from passwords and usernames to credit card numbers and home addresses could have been taken. As many as half a million websites are thought to have been affected.

The padlock in browser used to signal that HTTPS encryption is being used has been unsafe for more than two years.

The scale of the damage might never be known but the bug is thought to be the most serious uncovered in recent years. Some websites are encouraging users to change their passwords while others are advising that until they have confirmed that the bug has been fixed, changing passwords will do nothing.

Other security researchers have given more practical advice: “If you need strong anonymity or privacy on the Internet, you might want to stay away from the Internet entirely for the next few days while things settle.”

Google says that it has already “applied patches to key Google services” while Yahoo says that it has “made the appropriate corrections across the main Yahoo properties”. Facebook too, says that it has addressed the issues

Unfortunately, there’s not much that individual users can do to protect against ‘heartbleed’ – the responsibility is with the companies tasked with operating individual websites.

Life and Style
ebookNow available in paperback
ebooks
ebookPart of The Independent’s new eBook series The Great Composers
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Recruitment Genius: Web Hosting Support Agent

    Negotiable: Recruitment Genius: One of the North West's leading web hosting pr...

    Recruitment Genius: Data Centre & Systems Support Engineers

    Negotiable: Recruitment Genius: This accelerated growth ISP company is current...

    Ashdown Group: Senior Systems Administrator - London - £50,000

    £40000 - £50000 per annum + benefits: Ashdown Group: Senior Systems Administra...

    Recruitment Genius: .NET Web Developer

    £35000 - £45000 per annum: Recruitment Genius: A fantastic opportunity for a t...

    Day In a Page

    The difference between America and Israel? There isn’t one

    The difference between America and Israel? There isn’t one

    Netanyahu knows he can get away with anything in America, says Robert Fisk
    Families clubbing together to build their own affordable accommodation

    Do It Yourself approach to securing a new house

    Community land trusts marking a new trend for taking the initiative away from developers
    Head of WWF UK: We didn’t send Cameron to the Arctic to see green ideas freeze

    David Nussbaum: We didn’t send Cameron to the Arctic to see green ideas freeze

    The head of WWF UK remains sanguine despite the Government’s failure to live up to its pledges on the environment
    Author Kazuo Ishiguro on being inspired by shoot-outs and samurai

    Author Kazuo Ishiguro on being inspired by shoot-outs and samurai

    Set in a mythologised 5th-century Britain, ‘The Buried Giant’ is a strange beast
    With money, corruption and drugs, this monk fears Buddhism in Thailand is a ‘poisoned fruit’

    Money, corruption and drugs

    The monk who fears Buddhism in Thailand is a ‘poisoned fruit’
    America's first slavery museum established at Django Unchained plantation - 150 years after slavery outlawed

    150 years after it was outlawed...

    ... America's first slavery museum is established in Louisiana
    Kelly Clarkson: How I snubbed Simon Cowell and become a Grammy-winning superstar

    Kelly Clarkson: How I snubbed Simon Cowell and become a Grammy-winning superstar

    The first 'American Idol' winner on how she manages to remain her own woman – Jane Austen fascination and all
    Tony Oursler on exploring our uneasy relationship with technology with his new show

    You won't believe your eyes

    Tony Oursler's new show explores our uneasy relationship with technology. He's one of a growing number of artists with that preoccupation
    Ian Herbert: Peter Moores must go. He should never have been brought back to fail again

    Moores must go. He should never have been brought back to fail again

    The England coach leaves players to find solutions - which makes you wonder where he adds value, says Ian Herbert
    War with Isis: Fears that the looming battle for Mosul will unleash 'a million refugees'

    The battle for Mosul will unleash 'a million refugees'

    Aid agencies prepare for vast exodus following planned Iraqi offensive against the Isis-held city, reports Patrick Cockburn
    Yvette Cooper: We can't lose the election. There's too much on the line

    Yvette Cooper: We can't lose the election. There's too much on the line

    The shadow Home Secretary on fighting radical Islam, protecting children, and why anyone in Labour who's thinking beyond May must 'sort themselves out'
    A bad week for the Greens: Leader Natalie Bennett's 'car crash' radio interview is followed by Brighton council's failure to set a budget due to infighting

    It's not easy being Green

    After a bad week in which its leader had a public meltdown and its only city council couldn't agree on a budget vote, what next for the alternative party? It's over to Caroline Lucas to find out
    Gorillas nearly missed: BBC producers didn't want to broadcast Sir David Attenborough's famed Rwandan encounter

    Gorillas nearly missed

    BBC producers didn't want to broadcast Sir David Attenborough's famed Rwandan encounter
    Downton Abbey effect sees impoverished Italian nobles inspired to open their doors to paying guests for up to €650 a night

    The Downton Abbey effect

    Impoverished Italian nobles are opening their doors to paying guests, inspired by the TV drama
    China's wild panda numbers have increased by 17% since 2003, new census reveals

    China's wild panda numbers on the up

    New census reveals 17% since 2003