Heartbleed is a recently discovered software flaw that could leave millions of servers on the Internet open to an attack which allows sensitive data, such as user passwords, to be stolen.
Anu Nayer, Deloitte Head of Security, Privacy and Resilience, stated that the issue – which has been around for over two years but was only recently discovered – should not be ignored.
“This is a major issue and it appears a significant portion of the Internet has been affected. Because this exploit leaves no trace in almost any system it is very difficult to determine the extent to which anyone has been compromised through this,” he said.
The heart of the problem lies in open-source software called OpenSSL that's widely used to encrypt Web communications. Nayer explained that a flaw in the programming of some versions (OpenSSL 1.0.1-1.0.1f) means attackers can view small portions of what is being stored in the server's memory, which includes data such as usernames, passwords, credit card numbers and any other sensitive information.
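The first step for an operator is an inventory of which servers run a build in the affected range named above. The following is an added example, not code from the article: it parses the banner printed by `openssl version` and flags anything reporting 1.0.1 through 1.0.1f. The host names and banner strings are constructed for illustration.

```python
import re

# Matches banners such as "OpenSSL 1.0.1e 11 Feb 2013": three numeric
# components followed by optional patch letters (e.g. "e", "f", "g").
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")

def parse_version(banner):
    """Return (major, minor, fix, patch_letters) or None if no OpenSSL banner."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, fix, letters = m.groups()
    return (int(major), int(minor), int(fix), letters)

def in_affected_range(banner):
    """True when the banner reports OpenSSL 1.0.1 up to and including 1.0.1f.

    Patch letters sort lexically ("" < "a" < ... < "f"), so 1.0.1 with no
    letter is in range and 1.0.1g and later are not. Any other release
    branch is treated as outside the range the article describes.
    """
    v = parse_version(banner)
    if v is None:
        return False
    major, minor, fix, letters = v
    if (major, minor, fix) != (1, 0, 1):
        return False
    return letters <= "f"

def flag_hosts(inventory):
    """Return the host names whose recorded banner is in the affected range."""
    return [host for host, banner in inventory if in_affected_range(banner)]

# Constructed sample inventory (host, output of `openssl version`).
SAMPLE_INVENTORY = [
    ("web-01.example.test", "OpenSSL 1.0.1e 11 Feb 2013"),
    ("web-02.example.test", "OpenSSL 1.0.1g 7 Apr 2014"),
    ("vpn-01.example.test", "OpenSSL 1.0.0l 6 Jan 2014"),
    ("mail-01.example.test", "OpenSSL 1.0.1 14 Mar 2012"),
]

if __name__ == "__main__":
    for host in flag_hosts(SAMPLE_INVENTORY):
        print("affected version reported by", host)
```

A version string alone can give false positives: some distributions shipped the fix as a backport without changing the reported version, so confirm against the package changelog before and after patching.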
Grayson Milbourne, director of security intelligence at Webroot, added that it is a software vulnerability, not an infection.
“A vulnerability is a flaw in the code of an application which allows it to be exploited. In the case of the OpenSSL Heartbleed vulnerability, researchers found a flaw in how the data was being encrypted and transmitted,” he said.
Brokers may want to take steps to arm their systems against "Heartbleed", a major new vulnerability that could let attackers gain access to users' passwords and fool people into using bogus versions of websites.