Heartbleed Web bug might expose vast amounts of private data - KSWO 7News | Breaking News, Weather and Sports

Heartbleed Web bug might expose vast amounts of private data

By Konrad Krawczyk
Provided by


A serious vulnerability in the OpenSSL Internet encryption protocol known as the Heartbleed bug has potentially left the information of most Internet users vulnerable to hackers.

That's according to a team of Codenomicon researchers, as well as Google Security researcher Neel Mehta. Codenomicon is a Web security firm whose clients include Microsoft, Verizon, and Cisco Systems. The Heartbleed bug reportedly affects as much as 66 percent of the world's active websites, and has existed for roughly two years.

OpenSSL is a method of encryption employed by many websites that safeguard the data you type into your Web browser. OpenSSL contains a function known as a heartbeat option. With it, while a person is visiting a website that encrypts data using OpenSSL, his computer periodically sends and receives messages to check whether both his PC and the server on the other end are both still connected. The Heartbleed bug means hackers can send fake heartbeat messages, which can trick a site's server into relaying data that's stored in its RAM — including sensitive information such as usernames, passwords, credit card numbers, emails, and more.

MORE: Here's a list of websites allegedly affected by the Heartbleed Bug

"Considering the long exposure, ease of exploitation, and attacks leaving no trace, this exposure should be taken seriously," Codenomicon warns.

The security researchers who uncovered the hole say that hackers who exploit the Heartbleed bug can steal all that and more, even instant messages and business documents. The researchers tested the flaw out for themselves, and discovered that they were able to steal such information without leaving any trace of their attack, and also without the benefit of any "privileged information," including log-in credentials.

What can you do to protect yourself from the Heartbleed bug?

Aside from avoiding affected sites, which reportedly include Yahoo and OkCupid, and changing your passwords, there's not much you can do to safeguard your data. It's up to individual companies to update their websites and services to use the fixed version of OpenSSL, which plugs the hole left by Heartbleed — stanching the bleeding, so to speak. The researchers that took the wraps off the bug say it's the responsibility of operating system vendors, software makers, and network hardware vendors to use the new version, which they call FixedSSL.

At this point, both Amazon and Yahoo are working to apply the fix across all of their services, with the latter indicating that they've done so across most high-profile web properties, including Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Sports, and more. Meanwhile, Amazon states that it has applied the fix to the majority of its services as well. You can read Amazon's statement on the matter here.

At this point, it's unclear how much damage has been done by Heartbleed. In the meantime, here's a list of sites which have reportedly been affected.


This article was originally posted on Digital Trends

  • Local NewsNewsMore>>

  • Survivors recount deadly Missouri duck boat sinking

    Survivors recount deadly Missouri duck boat sinking

    Saturday, July 21 2018 12:18 AM EDT2018-07-21 04:18:54 GMT
    Saturday, July 21 2018 5:13 PM EDT2018-07-21 21:13:22 GMT
    (AP Photo/Charlie Riedel). People pray outside Ride the Ducks, an amphibious tour operator involved in a boating accident on Table Rock Lake, Friday, July 20, 2018 in Branson, Mo.(AP Photo/Charlie Riedel). People pray outside Ride the Ducks, an amphibious tour operator involved in a boating accident on Table Rock Lake, Friday, July 20, 2018 in Branson, Mo.

    More than half of the 17 people killed when a tourist boat sank on a Branson lake were members of the same Indiana family, and they likely wouldn't have been on the ill-fated trip but for a ticket mix-up.

    More than half of the 17 people killed when a tourist boat sank on a Branson lake were members of the same Indiana family, and they likely wouldn't have been on the ill-fated trip but for a ticket mix-up.

  • Trump finds it 'inconceivable' lawyer would tape a client

    Trump finds it 'inconceivable' lawyer would tape a client

    Saturday, July 21 2018 9:26 AM EDT2018-07-21 13:26:09 GMT
    Saturday, July 21 2018 5:12 PM EDT2018-07-21 21:12:35 GMT
    (AP Photo/Seth Wenig, File). FILE - In this April 26, 2018 file photo, Michael Cohen leaves federal court in New York.  President Donald Trump's former personal lawyer secretly recorded Trump discussing payments to a former Playboy model who said she h...(AP Photo/Seth Wenig, File). FILE - In this April 26, 2018 file photo, Michael Cohen leaves federal court in New York. President Donald Trump's former personal lawyer secretly recorded Trump discussing payments to a former Playboy model who said she h...

    President Donald Trump claims that his former personal lawyer's taping of their private phone conversations is "totally unheard of & perhaps illegal.".

    President Donald Trump claims that his former personal lawyer's taping of their private phone conversations is "totally unheard of & perhaps illegal.".

  • DC debuts 'Aquaman' trailer at San Diego Comic-Con

    DC debuts 'Aquaman' trailer at San Diego Comic-Con

    Saturday, July 21 2018 5:04 PM EDT2018-07-21 21:04:43 GMT
    (Source: Warner Bros. Pictures)(Source: Warner Bros. Pictures)

    The movie will hit the box office just days before Christmas on Dec. 21, 2018.

    The movie will hit the box office just days before Christmas on Dec. 21, 2018.

Powered by Frankly