A significant and far-reaching security vulnerability discovered last week in the OpenSSL technology threatens all online encryption, including security measures for online banking. Security analysts are recommending that users avoid doing anything sensitive, such as online banking.

'Heartbleed Bug' puts Web security at risk
The "Heartbleed Bug," as it is known, is a vulnerability in OpenSSL, a technology used to provide encryption for about 66% of all servers on the public Internet.
"The scope of this is immense," said Kevin Bocek, vice president of security strategy and threat intelligence for Venafi, a Salt Lake City cybersecurity company. "And the consequences are still scary. I've talked about this like a 'Mad Max' moment. It's a bit of anarchy right now. Because we don't know right now who has the keys and certificates on the Internet right now."
By running such exploits, a hacker could in just a few seconds download countless emails, passwords, user IDs and a great deal of other personal information. "It's a very simple script," said Chris Eng, vice president of research at application security testing firm Veracode. "And there's still a lot of websites out there that are vulnerable."
An updated version of OpenSSL has been issued, and sites can use that to fix the bug. In addition to updating OpenSSL, sites will need to update many pieces of their security protocols known as keys and certificates that help them confirm the identity of users.
Tumblr on Tuesday became the latest website to say it has been hit by the security breach.