 "Study shows Heartbleed bug can be used to access a server's private keys")
Just over a week has passed since the Heartbleed bug incident was brought to light and the implications of this seemingly innocuous flaw have gotten worse by the day. The fear that the **Heartbleed bug** could not spare even highly secured severs and expose the confidential information could come true if a report on PCWorld is to be believed. This comes after researchers successfully accessed the private keys of a server exploiting the Heartbleed bug. This was a part of a challenge setup by a San Francisco-based online security company CloudFlare to find out whether hackers can access private keys of a server using the Heartbleed bug present in the OpenSSL cryptographic library. The private keys are used to ensure that communication channels between a user and the website are encrypted, referred to as SSL/TLS (Secure Sockets Layer/Transport Security Layer). Until now security experts were not sure whether the Heartbleed bug can be used to gain access to a server’s private keys. This challenge was setup to find out exactly that. Cloud Flare set up a server which had to be hit upon by researchers using only the Heartbleed bug. This server ran on nginx-1.5.13 web server software that was using a vulnerable OpenSSL version 1.0.1.f on a 64-Bit x86 Ubuntu 13.10 system. Fedor Idutny, a Russian researcher, was the first person who successfully gained access to the server’s private keys. Another researcher who was successful was llkka Matilla of National Cyber Security Centre in Finland. In a post on company’s blog Nick Sullivan says, “We confirmed that all individuals used only the Heartbleed exploit to obtain the private key.” A security certificate comes with private keys which verify that a client computer is not connecting with a fake website that is pretending to be genuine. You can find a lock in the left most part of the address bar when your system is accessing a secure and trusted website. Such certificates are widely used by e-commerce sites and banks. But using Heartbleed an attacker can fake a certificate and thus trick the user into diverting information to the attacker’s server. Besides this, all traffic can now be easily decrypted by the hacker, thanks to them having possession of the private keys.
Just over a week has passed since the Heartbleed bug incident was brought to light and the implications of this seemingly innocuous flaw have gotten worse by the day. The fear that the **Heartbleed bug** could not spare even highly secured severs and expose the confidential information could come true if a report on PCWorld is to be believed. This comes after researchers successfully accessed the private keys of a server exploiting the Heartbleed bug.
Advertisement
End of Article
 "Russian drones over Poland: Trump’s tepid reaction a wake-up call for Nato?")
 "As Russia pushes east, Ukraine faces mounting pressure to defend its heartland")
 "Why Mossad was not on board with Israel’s strike on Hamas in Qatar")
 "Turkey: Erdogan's police arrest opposition mayor Hasan Mutlu, dozens officials in corruption probe")
 "Russian drones over Poland: Trump’s tepid reaction a wake-up call for Nato?")
 "As Russia pushes east, Ukraine faces mounting pressure to defend its heartland")
 "Why Mossad was not on board with Israel’s strike on Hamas in Qatar")
 "Turkey: Erdogan's police arrest opposition mayor Hasan Mutlu, dozens officials in corruption probe")
