News

Heartbleed flaw used by Hackers to access server’s private keys

Last week, Heartbleed bug exploded in the cyber world. This seemingly harmless flaw has worsened by the day. If a report on PCWorld is to be believed, then it could come true that Heartbleed bug could not spare even highly secured servers and expose the confidential information.

 

Researchers conducted tests and successfully accessed the private keys of a particular server that is exploiting the Heartbleed bug. San Francisco-based online security company CLoudFLare accepted the challenge of finding out whether hackers can get server’s private keys using the Open SSL cryptographic where the Heartbleed bug is present. Private keys are used in ensuring the communication channels between a user and the website encrypted calls the SSL/TLS (Secure Sockets/Transport Security Layer.)

 

Security expert is still undergoing a thorough investigation regarding this Heartbleed bug if it can really be used to gain access to the private keys of a server. Private keys are part of security certificates that verify if a client computer is directed to a fake website that is pretending to be authentic.

 

To find out if you are accessing a secure and trusted website, a lock is located in the left most part of the address bar. This security certificate is commonly used by e-commerce sites and banks that needed a strong security for their client information. But with Heartbleed, these websites become vulnerable to the attackers who can fake certificates and deceive the users into redirecting information into the attacker’s server. Now that they can have possession of the private keys, all traffic can now be easily decrypted by the hacker.