Heartbleed OpenSSL security bug plagues millions of Internet users
Heartbleed OpenSSL security vulnerability has hit scores of websites, leaving millions of users at risk of username and password theft, researchers say.
The "Heartbleed" security vulnerability discovered by the security company Codenomicon found that the OpenSSL bug has opened up millions of Internet users to security risk. Although OpenSSL is designed to help keep sensitive information secure, Heartbleed may have led to website visitors susceptible to spying, according to researchers.
Heartbleed targets any OpenSSL version over the past two years (OpenSSL 1.0.1 up to 1.0.1f), and cybercriminals are able to access the server's system memory, and encrypted information such as usernames, passwords, debit and credit card information is up for grabs.
Here is what Codenomicon noted:
"We have tested some of our own services from attacker's perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able to steal from ourselves the secret keys used for our X.509 certificates, usernames and passwords, instant messages, emails and business critical documents and communication."
Similar News
- > NEXT STORY: The PC version of Watch Dogs looks incredible thanks to NVIDIA tech
- < PREVIOUS STORY: The Last of Us Remastered banner promises pre-orders