A vulnerability in numerous versions of the OpenSSL software library has been found, making information on 66 per cent of the world websites vulnerable to hackers.
“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software,” said researchers at Codenomicon, a company providing security and robustness testing solutions.
The vulnerability undermines the security in commonly used SSL/TLS (Secure Sockets Layer/ Transport Layer Security) encryption
The bug compromises secret keys used to identify service providers and encrypt traffic, as well as the names and passwords of users.
“This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users,” the researchers said.
Most internet users are affected by the bug directly or indirectly, Codenomicon said.
“Your popular social site, your company’s site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL.
“You might have networked appliances with logins secured by this buggy implementation of the TLS. Furthermore you might have client side software on your computer that could expose the data from your computer if you connect to compromised services.”
The company said websites should update to version 1.0.1g or newer in order to fix the vulnerability.
Image courtesy of Shuttershock
