(Ping! Zine Web Tech Magazine) – Researchers have confirmed that a server’s private encryption key can be accessed through the Heartbleed bug, PCWorld reports.
Last week, CloudFlare, a San Francisco-based security firm, challenged users to steal encryption keys from its NGINX servers, which ran a version of OpenSSL affected by Heartbleed, proving that it is possible to steal SSL keys through the bug.
“This result reminds us not to underestimate the power of the crowd and emphasizes the danger posed by this vulnerability,” states CloudFlare’s blog.
If an attacker were to access the encryption key, they could decrypt traffic passing between servers or unscramble encrypted data they’ve previously collected in the past.
The Heartbleed bug was first made public last Monday; researchers at Google and Codenomicon discovered the bug in the OpenSSL software, an encryption tool used by two-thirds of Internet servers.