Popular OpenSSL Encryption System Became Unsafe

Discovered bug (an error or flaw in the program) is called Heartbleed (heart is bleeding). According to experts, it is one of the most serious flaws in information security that have emerged in recent years. Security loops become the access for hackers to get access to important stuff, control it or even remove the contents without even disclosing the hackers location.
Image © RIA Novosti. Alexey Filippov


MOSCOW, April 9 – RIA Novosti. Specialists of the company and the company Google.Inc Codenomicon, specializing in information security, found that the error made ​​when creating cryptographic package OpenSSL, allows hackers to gain access to user data, reports Reuters .

Half sites worldwide working with information which must be protected using software Open SSL. These are the sites on which users enter personal data, passwords, credit card numbers – they provide, such as email services or online banking. Address of the site is displayed in the address bar as “HTTPS …”.

Among the resources that could be affected by the vulnerability of this software, is Yahoo. As the representative of the company website TechCrunch , has now taken measures to protect user data for Yahoo Search, Yahoo Mail, Yahoo Finance, Flickr, Tumblr, etc.OpenSSL developers have released an update (“patch”) that will inform users that their data, such as passwords, keys, etc., threatens hacking.

“We have been testing some of our own services for their exposure to attacks,” – says the site heartbleed.com , created specifically Codenomicon to inform users about the threat from encryption systems. On the site, explained the problem, the scale of the threat it carries, and suggests ways to address – in particular, where you can check whether a particular vulnerable resource, using some version of OpenSSL.

Computer security experts are concerned that not all of the alleged victims of attacks can be informed about data leakage as “bug” has been around for about two years.

Chris Eng, head of research in the field of software firm Veracode, suggests that hundreds of thousands of servers, like web sites, and e-mail services, you need to “patch” as soon as possible to protect them from hackers who will rush to take advantage of the well-known Now vulnerability cryptographic package.

German Federal Office for Security in Information Technology (BSI) assessed the problem as “critical,” according to Die Welt . Experts call it one of the most serious flaws in information security that have emerged in recent years.