(Ping! Zine Web Tech Magazine) – A security flaw has been discovered in an encryption tool used across most of the Internet, leaving many of the world’s biggest websites vulnerable to attacks and data theft.
Researchers with Google and security firm Codenomicon discovered the “Heartbleed” bug in the OpenSSL software, a free encryption tool used by two-thirds of Internet servers, the Wall Street Journal reports.
This issue was discovered last week but was not made public until Monday, where the researchers said the bug has affected versions of OpenSSL released in the past two years.
“It’s easily the worst vulnerability since mass-adoption of the Internet,” said CEO of San Francisco cybersecurity firm, CloudFlare Inc. “It’s going to be really bad.”
The vulnerability could allow hackers to easily access sensitive information like passwords, Social Security numbers, healthcare data, bank information, and credit cards.
Multiple websites such as Facebook, Yahoo, Netflix, and Google, have urged users to change their security information, while other sites such as the Canada Revenue Agency have shut down their site.
“It’s a serious bug in that it doesn’t leave any trace,” wrote Codenomicon on its website. ”Bad guys can access the memory on a machine and take encryption keys, usernames, passwords, valuable intellectual property, and there’s no trace they’ve been there.”