A newly discovered bug in software used to encrypt sensitive information — credit card numbers, for instance — has left millions of Internet users vulnerable, possibly exposing their private passwords and user names, as well as their financial data.
The bug, dubbed “Heartbleed,” could have affected up to 500,000 servers that rely on OpenSSL software — impacting millions, The Washington Post reported.
“You should care about this because — whether you realize it or not — a hell of a lot of the security infrastructure you rely on is dependent in some way on OpenSSL,” wrote Matthew Green, a cryptographer and research professor at Johns Hopkins University, on his blog, as reported by The Washington Post.
“This includes many of the websites that store your personal information. And for better or for worse, industry’s reliance on OpenSSL is only increasing.”
The big danger comes from the devastation that hackers could unleash if they obtain the sensitive information.
“Once an attacker has a website’s encryption keys, anything is fair game,” said Jill Scharr, who wrote on the topic at Yahoo Tech. “Instead of slipping through a proverbial crack in the wall, he can now walk in and out the front door.”
Another security official put it this way: “If a website is vulnerable, I could see things like your password, banking information and healthcare data, which you were under the impression you were sending securely to your website,” said Michael Coates, director of product security for Shape Security, as quoted by Reuters.
A fix has been distributed, but The Washington Post reported that it was not clear how quickly the solution was being put in place.
• Cheryl K. Chumley can be reached at cchumley@washingtontimes.com.