Heartbleed flaw described as 'catastrophic' by experts: 'On the scale of 1 to 10, this is an 11'

Damage from the recently discovered flaw is impossible to assess, although most major companies have already secured their websites

A software bug that has gone unnoticed for two years has exposed sensitive data in as many as two out of every three web servers, say researchers.

The ‘heartbleed’ bug is a flaw in the widely-used web encryption software known as OpenSSL. Google, Facebook and Yahoo are some of the major companies that use SSL technology – most recognisable to users as the padlock that appears in the address bar of your browser.

Bruce Schneier, a security expert who has been covering the industry for years, described the flaw as 'catastrophic': "On the scale of 1 to 10, this is an 11," wrote Schneier in a blog post.

Since the flaw was discovered by researchers from Google and Finnish security group Codenomicon, webmasters have scrambled to update their software and protect users’ data, although some researchers warn that it is already too late.

The bug allowed attackers to pull random chunks of information from the memory of a server, meaning that everything from passwords and usernames to credit card numbers and home addresses could have been taken. As many as half a million websites are thought to have been affected.

The padlock in the browser, used to signal that HTTPS encryption is in use, has been unsafe for more than two years.

The scale of the damage might never be known, but the bug is thought to be the most serious uncovered in recent years. Some websites are encouraging users to change their passwords, while others are advising that, until they have confirmed that the bug has been fixed, changing passwords will do nothing.

Other security researchers have given more practical advice: “If you need strong anonymity or privacy on the Internet, you might want to stay away from the Internet entirely for the next few days while things settle.”

Google says that it has already “applied patches to key Google services” while Yahoo says that it has “made the appropriate corrections across the main Yahoo properties”. Facebook, too, says that it has addressed the issues.

Unfortunately, there’s not much that individual users can do to protect against ‘heartbleed’ – the responsibility is with the companies tasked with operating individual websites.
