Heartbleed OpenSSL security bug plagues millions of Internet users

Heartbleed OpenSSL security vulnerability has hit scores of websites, leaving millions of users at risk of username and password theft, researchers say

By: Michael Hatamoto | Hacking & Security News | Posted: Apr 9, 2014 7:30 pm

Comment | Email to a Friend | Font Size: A A

The "Heartbleed" security vulnerability discovered by the security company Codenomicon found that the OpenSSL bug has opened up millions of Internet users to security risk. Although OpenSSL is designed to help keep sensitive information secure, Heartbleed may have led to website visitors susceptible to spying, according to researchers.

heartbleed_openssl_security_bug_plagues_millions_of_internet_users_01

Heartbleed targets any OpenSSL version over the past two years (OpenSSL 1.0.1 up to 1.0.1f), and cybercriminals are able to access the server's system memory, and encrypted information such as usernames, passwords, debit and credit card information is up for grabs.

Here is what Codenomicon noted:

"We have tested some of our own services from attacker's perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able to steal from ourselves the secret keys used for our X.509 certificates, usernames and passwords, instant messages, emails and business critical documents and communication."

NEWS SOURCES:Newsday.com, Heartbleed.com