A confounding computer bug called “Heartbleed” is creating big security issues across the internet making the Web surfers to wonder whether they should change their passwords to prevent theft of their sensitive information such as credit card number, email accounts and so on.
The bug creates an opening in SSL/TLS, which is an encryption technology marked by the small, closed padlock and “https:” on Web browsers to signify that traffic is secure. With the help of this bug, one can spy on Internet traffic even if the padlock had been closed. The security researchers say that the interlopers could also grab the keys for decoding encrypted data without the website owners knowing the theft had occurred.
Although the problem affects only the variant of SSL/TLS known as OpenSSL, but that happens to be one of the most common on the Internet as about two-thirds of Web servers rely on OpenSSL. It indicates that even if the protection is offered by encryptions, the information passing through hundreds of thousands of websites could be at risk. OpenSSL is not only used to secure emails and chats but also the virtual private networks (VPNs), which are used by employees to connect with corporate networks in order to safeguard confidential information from snooping eyes.[useful_banner_manager banners=25 count=1]
Yahoo, Google and Facebook confirmed they had been affected by the OpenSSL flaw and had applied fixes to their systems. However, Twitter and e-commerce giant Amazon say their websites weren’t exposed to Heartbleed.