Thousands At Risk Of Heartbleed Server Bug

April 9, 2014 3:13 PM


Experts are warning that the Heartbleed server bug, a serious security flaw, could allow hackers to steal personal information from “half a million” sites including Yahoo, Imgur, dating website OKCupid, and even the FBI’s own online presence.

The bug affects servers that run the OpenSSL software. It allows hackers to gain access to secure web connections, personal email accounts and web users’ search history. As well as letting them bypass OpenSSL’s security, Heartbleed, when exploited, could give hackers access to the encryption keys used to keep the data private in the first place.

Amazon, Google and Microsoft have already confirmed that they have patched the bug in their servers. There are currently no reports of the Heartbleed server bug being exploited, but other companies that could be affected are being advised to update their systems just in case. It is suggested that web users log out of and stay away from potentially at-risk sites, and change their passwords once those sites have been confirmed to be safe.

According to the Heartbleed homepage, the bug is so called because it relates to an extension called “heartbeat” which “when…exploited leads to the leak of memory contents from the server to the client and from the client to the server.” It is estimated that over 66% of websites currently online use OpenSSL encryption.

Web companies have recently started to lean towards Perfect Forward Secrecy (PFS) over OpenSSL for online security. “People should want their communications to be as secure as possible,” says security consultant John Miller. “PFS is one thing they can push for in the future.”

What steps are you taking in light of the Heartbleed server bug news? Have you been affected by the security flaw at all? Let us know in the comments!