Heartbleed flaw described as 'catastrophic' by experts: 'On the scale of 1 to 10, this is an 11'

Damage from the recently discovered flaw is impossible to assess, although most major companies have already secured their websites

A software bug that has gone unnoticed for two years has exposed sensitive data in as many as two out of every three web servers, say researchers.

The ‘heartbleed’ bug is a flaw in the widely-used web encryption software known as OpenSSL. Google, Facebook and Yahoo are some of the major companies that use SSL technology – most recognisable to users as the padlock that appears in the address bar of your browser.

Bruce Schneier, a security expert who has been covering the industry for years, described the flaw as 'catastrophic': "On the scale of 1 to 10, this is an 11," wrote Schneier in a blog post.

Since the flaw was discovered by researchers from Google and Finnish security group Codenomicon, webmasters have scrambled to update their software and protect users’ data, although some researchers warn that it is already too late.

The bug allowed attackers to pull random chunks of information from the memory of a server, meaning that everything from passwords and usernames to credit card numbers and home addresses could have been taken. As many as half a million websites are thought to have been affected.

The padlock in the browser, used to signal that HTTPS encryption is in use, has been unsafe for more than two years.

The scale of the damage might never be known but the bug is thought to be the most serious uncovered in recent years. Some websites are encouraging users to change their passwords while others are advising that until they have confirmed that the bug has been fixed, changing passwords will do nothing.

Other security researchers have given more practical advice: “If you need strong anonymity or privacy on the Internet, you might want to stay away from the Internet entirely for the next few days while things settle.”

Google says that it has already “applied patches to key Google services” while Yahoo says that it has “made the appropriate corrections across the main Yahoo properties”. Facebook, too, says that it has addressed the issues.

Unfortunately, there’s not much that individual users can do to protect against ‘heartbleed’ – the responsibility is with the companies tasked with operating individual websites.
