Heartbleed flaw described as 'catastrophic' by experts: 'On the scale of 1 to 10, this is an 11'
Damage from the recently discovered flaw is impossible to assess, although most major companies have already secured their websites
A software bug that has gone unnoticed for two years has exposed sensitive data in as many as two out of every three web servers, say researchers.
The ‘heartbleed’ bug is a flaw in the widely-used web encryption software known as OpenSSL. Google, Facebook and Yahoo are some of the major companies that use SSL technology – most recognisable to users as the padlock that appears in the address bar of your browser.
Bruce Schneier, a security expert who has been covering the industry for years, described the flaw as 'catastrophic': "On the scale of 1 to 10, this is an 11," wrote Schneier in a blog post.
Since the flaw was discovered by researchers from Google and Finnish security group Codenomicon, webmasters have scrambled to update their software and protect users’ data, although some researchers warn that it is already too late.
The bug allowed attackers to pull random chunks of information from the memory of a server, meaning that everything from passwords and usernames to credit card numbers and home addresses could have been taken. As many as half a million websites are thought to have been affected.
The padlock in the browser, used to signal that HTTPS encryption is being used, has been unsafe for more than two years.
The scale of the damage might never be known but the bug is thought to be the most serious uncovered in recent years. Some websites are encouraging users to change their passwords while others are advising that until they have confirmed that the bug has been fixed, changing passwords will do nothing.
Other security researchers have given more practical advice: “If you need strong anonymity or privacy on the Internet, you might want to stay away from the Internet entirely for the next few days while things settle.”
Google says that it has already “applied patches to key Google services” while Yahoo says that it has “made the appropriate corrections across the main Yahoo properties”. Facebook, too, says that it has addressed the issues.
Unfortunately, there’s not much that individual users can do to protect against ‘heartbleed’ – the responsibility is with the companies tasked with operating individual websites.