ISLAMABAD: Internet users have been warned that sensitive information such as passwords and credit card details have lain open to theft because of a flaw in the internet's most common encryption software.
The bug, dubbed Heartbleed, was in place for more two years until a fix was announced on Tuesday, and would have allowed hackers to snoop on encrypted information held and processed by up to 500,000 web servers using the software, Aljazeera Reported.
Affected websites and service providers were told to install the update the software - leading to fears hackers would be exploiting the bug now it had been made public.
Tor, the internet anonymity project, said in a statement that users "might want to stay away from the internet entirely for the next few days while things settle".
The flaw was discovered in recent days by researchers at the Finnish security firm, Codenomicon.
"We have tested some of our own services from attacker's perspective. We attacked ourselves from outside, without leaving a trace," Codenomicon said on a website it built to provide information about the threat, heartbleed.com.
The breach involves OpenSSL, the most common internet encryption technology marked by the small, closed padlock and "https:" on web browsers. The bug meant traffic was subject to snooping even if the padlock was "closed".
The internet company, Yahoo, said its services such as email, Flickr and Tumblr were affected by the flaw, but said it had implemented the fix and there was no evidence security had been compromised.
Comments
Comments are closed.