….
Web
administrators and computer security researchers on Tuesday scrambled to
fix a serious vulnerability in OpenSSL encryption used by thousands of
web servers, including those run by email and web chat providers. The
bug, dubbed Heartbleed, “allows anyone on the internet to read the
memory of the systems protected by the vulnerable versions of the
OpenSSL software”.
In other words hackers or cyber criminals
can use the Heartbleed bug to steal private encryption keys from a
server that is using OpenSSL protocols of SSL/TLS encryption and then
snoop on the user data, including passwords. There are reports that
servers of Yahoo, Imgur and Flickr have been affected. However, this is
around two-year-old bug and hence no one knows for sure how many people
have exploited it at how many servers have been compromised.
The bug is so serious and widespread that Tor Project, which manages the
anonymous Tor network, has advised web users to go offline for a while.
“If you need strong anonymity or privacy on the internet, you might
want to stay away from the internet entirely for the next few days while
things settle,” it said in a blog post.
…
regards