A flaw has been discovered in an encryption method used on about two-thirds of all websites, including Google, Amazon, Yahoo and Facebook, potentially exposing web traffic, user data and stored content to cyber criminals.
The “Heartbleed bug” was found in the OpenSSL software by a team of security engineers last week, leaving technology companies scrambling to fix their systems before it was announced on Monday night.
A newly discovered bug in widely used Web encryption technology has made data on many of the world’s major websites vulnerable to theft by hackers in what experts say is one of the most serious security flaws uncovered in recent years.
Bugs in a single piece of software or a library come and go and are fixed by new versions. However, this bug has left a large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, the ease of exploitation and the fact that attacks leave no trace, this exposure should be taken seriously.
Updates are already available to address the vulnerability in OpenSSL, which could enable remote attackers to access sensitive data, including passwords and secret keys that can decode traffic as it travels across the Internet. Computer security experts warned that victims cannot tell whether their data has been accessed, which is troubling because the bug has existed for about two years.
Google said it had fixed the flaw in key Google services and Facebook said it had added protections before the issue was publicly disclosed. Amazon Web Services, whose clients include sites from Netflix to Unilever, said it had applied “mitigations” so customers did not need to act. Yahoo said it had “made the appropriate corrections” to its main properties and was working to fix its other sites.
But even those who fix the software cannot necessarily see if a hacker has already used the vulnerability to access their systems. Netcraft, which monitors what code is used in each site, said more than half a million trusted websites were vulnerable to the bug.
You can read more about the Heartbleed bug on their website: Heartbleed.com