Internet security flaw puts millions at risk

Bug in encryption code, known as "Heartbleed", would have allowed hackers to steal sensitive information undetected.

Last updated: 09 Apr 2014 02:13
Email Article
Print Article
Share article
Send Feedback
Heartbleed affected up to half a million web servers

Internet users have been warned that sensitive information such as passwords and credit card details have been at risk of theft due to a flaw in the internet's most common encryption software.

The bug, dubbed Heartbleed, was in place for more two years until a fix was announced on Tuesday, and would have allowed hackers to snoop on encrypted information held and processed by up to 500,000 web servers using the software.

Affected websites and service providers were told to install the update as soon as possible, before hackers were able exploit the now-public flaw.

Tor, the internet anonymity project, said in a statement that users "might want to stay away from the internet entirely for the next few days while things settle".

The flaw was discovered by researchers at the Finnish security firm, Codenomicon.

"We have tested some of our own services from attacker's perspective. We attacked ourselves from outside, without leaving a trace," Codenomicon said on its website, heartbleed.com. 

The breach involves OpenSSL, the most common internet encryption technology which is marked by the small, closed padlock and "https:" on web browsers. The bug meant traffic was subject to snooping even if the padlock was "closed".

The internet company, Yahoo, said its services such as email, Flickr and Tumblr were affected by the flaw, but said it had implemented the fix and there was no evidence security had been compromised.

The company said in a statement Tumblr: "This might be a good day to call in sick and take some time to change your passwords everywhere - especially your high-security services like email, file storage, and banking, which may have been compromised.''


Al Jazeera And AP
Email Article
Print Article
Share article
Send Feedback
Topics in this article
Featured on Al Jazeera
'Justice for All' demonstrations swell across the US over the deaths of African Americans in police encounters.
Six former Guantanamo detainees are now free in Uruguay with some hailing the decision to grant them asylum.
Disproportionately high number of Aboriginal people in prison highlights inequality and marginalisation, critics say.
Nearly half of Canadians have suffered inappropriate advances on the job - and the political arena is no exception.
Women's rights activists are demanding change after Hanna Lalango, 16, was gang-raped on a bus and left for dead.
Buried in Sweden's northern forest, Sorsele has welcomed many unaccompanied kids who help stabilise a town exodus.
A look at the changing face of North Korea, three years after the death of 'Dear Leader'.
While some fear a Muslim backlash after café killings, solidarity instead appears to be the order of the day.
Victims spared by the deadly disease are reporting blindness and other unexpected post-Ebola health issues.