Heartbleed flaw described as 'catastrophic' by experts: 'On the scale of 1 to 10, this is an 11'
Damage from the recently discovered flaw is impossible to assess, although most major companies have already secured their websites
A software bug that has gone unnoticed for two years has exposed sensitive data in as many as two out of every three web servers, say researchers.
The ‘heartbleed’ bug is a flaw in the widely-used web encryption software known as OpenSSL. Google, Facebook and Yahoo are some of the major companies that use SSL technology – most recognisable to users as the padlock that appears in the address bar of your browser.
Bruce Schneier, a security expert who has been covering the industry for years, described the flaw as 'catastrophic': "On the scale of 1 to 10, this is an 11," wrote Schneier in a blog post.
Since the flaw was discovered by researchers from Google and Finnish security group Codenomicon, webmasters have scrambled to update their software and protect users’ data, although some researchers warn that it is already too late.
The bug allowed attackers to pull random chunks of information from the memory of a server, meaning that everything from passwords and usernames to credit card numbers and home addresses could have been taken. As many as half a million websites are thought to have been affected.
The padlock in the browser, used to signal that HTTPS encryption is being used, has been unsafe for more than two years.
The scale of the damage might never be known but the bug is thought to be the most serious uncovered in recent years. Some websites are encouraging users to change their passwords while others are advising that until they have confirmed that the bug has been fixed, changing passwords will do nothing.
Other security researchers have given more practical advice: “If you need strong anonymity or privacy on the Internet, you might want to stay away from the Internet entirely for the next few days while things settle.”
Google says that it has already “applied patches to key Google services” while Yahoo says that it has “made the appropriate corrections across the main Yahoo properties”. Facebook, too, says that it has addressed the issues.
Unfortunately, there’s not much that individual users can do to protect against ‘heartbleed’ – the responsibility is with the companies tasked with operating individual websites.