TRENDING ON ONEINDIA
- NIA Officially Takes Over Probe Into Pulwama Terror Attack
- Schalke 2 Manchester City 3 — 10-Man Visitors Strike Late Through Sane & Sterling
- Tata 45X’s Teaser Video Out — Production-Spec Tata 45X To Be Unveiled At Geneva Motor Show
- Cobrapost Sting Operation: Sunny Leone & Sonu Sood Deny All The Allegations!
- Vivo V15 Pro Launched At Rs 28,990 — The Good, Bad & The X factor
- Nutrition: Blood & Marrow Transplant
- Best Places To Visit In India In March: A 2019 Must-visit Checklist
- Company Fixed Deposits In India Which Offer Yields Of Near 10%
Heartbleed Bug Can Expose Private Server Key, Says Reports
Heartbleed has already become one of the most massive bugs to disrupt the entire web ecosystem, if there ever was one. And while fixes are currently being sought out to bypass this problem, it seems like more new information are being revealed related to the bug.
According to reports, four different researchers working separately with the bug have demonstrated that a server's private encryption key can be acquired using the Heartbleed bug. However, it is yet to be confirmed if the issue can lead to a potential attack.
The new findings related to the bug have arrived via a challenge created by CloudFlare, a San Francisco-based company that runs a security and redundancy service for website operators.
As part of the challenge, CloudFlare asked the security community if the flaw in the OpenSSL cryptographic library, which was made public last week, could be used to obtain the private key used to create an encrypted channel between users and websites, known as SSL/TLS (Secure Sockets Layer/Transport Security Layer).
"The private key is part of a security certificate that verifies a client computer isn't connecting with a fake website purporting to be a legitimate one. Browsers indicate a secure connection with a padlock and show a warning if the certificate is invalid," PC World wrote.
"Security experts thought it might be possible that the private key could be divulged by exploiting the Heartbleed flaw, which may have affected two-thirds of the Internet and set off a mad scramble to apply a patch that fixes it."
As of now, how each of the researchers accomplished in obtaining the private key hasn't been revealed. "It is at the discretion of the researchers to share the specifics of the techniques used," Nick Sullivan of CloudFlare wrote.