Heartbleed Bug Can Expose Private Server Key, Says Reports

By Prarthito
|

Heartbleed has already become one of the most massive bugs to disrupt the entire web ecosystem, if there ever was one. And while fixes are currently being sought out to bypass this problem, it seems like more new information are being revealed related to the bug.

According to reports, four different researchers working separately with the bug have demonstrated that a server's private encryption key can be acquired using the Heartbleed bug. However, it is yet to be confirmed if the issue can lead to a potential attack.

Heartbleed Bug Can Expose Private Server Key, Says Reports

 

The new findings related to the bug have arrived via a challenge created by CloudFlare, a San Francisco-based company that runs a security and redundancy service for website operators.

As part of the challenge, CloudFlare asked the security community if the flaw in the OpenSSL cryptographic library, which was made public last week, could be used to obtain the private key used to create an encrypted channel between users and websites, known as SSL/TLS (Secure Sockets Layer/Transport Security Layer).

Recommended: LG G3 Specifications Leaked in Benchmark

"The private key is part of a security certificate that verifies a client computer isn't connecting with a fake website purporting to be a legitimate one. Browsers indicate a secure connection with a padlock and show a warning if the certificate is invalid," PC World wrote.

"Security experts thought it might be possible that the private key could be divulged by exploiting the Heartbleed flaw, which may have affected two-thirds of the Internet and set off a mad scramble to apply a patch that fixes it."

Recommended: Top 10 Worthy Micromax Smartphones To Buy This April 2014

As of now, how each of the researchers accomplished in obtaining the private key hasn't been revealed. "It is at the discretion of the researchers to share the specifics of the techniques used," Nick Sullivan of CloudFlare wrote.

Most Read Articles
Best Mobiles in India

Read More About: heartbleed bug news pc desktop mobiles

Best Phones

Get Instant News Updates
Enable
x
Notification Settings X
Time Settings
Done
Clear Notification X
Do you want to clear all the notifications from your inbox?
Yes No
Settings X
We use cookies to ensure that we give you the best experience on our website. This includes cookies from third party social media websites and ad networks. Such third party cookies may track your use on Gizbot sites for better rendering. Our partners use cookies to ensure we show you advertising that is relevant to you. If you continue without changing your settings, we'll assume that you are happy to receive all cookies on Gizbot website. However, you can change your cookie settings at any time. Learn more