Internet sees red on Heartbleed

Bug interferes with software that secures user information

April 12, 2014 04:51 am | Updated November 16, 2021 07:00 pm IST

On April 7, Neel Mehta, a researcher from Google, and a security company named Codenomicon announced an Internet bug in a widely employed software that secures users’ personal information on the web.

In an advisory to users in the country, the Computer Emergency Response Team of India, a nodal agency, has categorised the problem’s severity as “high”.

Ominously named Heartbleed, this bug interferes with the regular function of software called OpenSSL by causing it to spill the secrets, it’s tasked with protecting, to malicious attackers.

When users key in their personal information on a website and hit ‘Enter,’ the data is on the Internet travelling between your computer and the site’s server. To safeguard it, the site uses OpenSSL (SSL refers to Secure Sockets Layer) to encrypt it — turning it into an incoherent jumble of characters — using an encryption key.

With Heartbleed in the picture, OpenSSL allows malicious messages sent to the server implementing it to potentially hand over the encryption key to the attacker.

While most service providers have updated OpenSSL to fix the bug, this SSL standard has seen rampant adoption in the last couple of years and many sites could still be vulnerable.

Describing its potential, Bruce Schneler, a fellow of Hardvard’s Berkman Centre, wrote: “On the scale of 1 to 10, this is an 11,” on his personal blog on April 9.

Companies like Amazon and Google have issued advisories to their customers stating that they have updated their systems and eliminated the threat. Kaspersky, a security firm, advised caution because a Heartbleed attack leaves no traces nor does it give users a chance to protect themselves.

Top News Today

Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.