This article was last updated 11 years ago

heartbleed A hacker has been successful in retrieving private security keys using the Heartbleed bug in Open SSL. The Verge reported this today.

“The hacker, Node.js team member Fedor Indutny, claimed on Twitter that he’d tracked down the SSL keys”, the Verge stated. The original tweet by the hacker is shown below :

 

 

Earlier this morning, content distribution network, Cloudfare had mentioned that “Heartbleed is not as bad as feared”. It also said that after 2 weeks of research by its team, they couldn’t exploit this bug to get access to a site’s private keys.

Now, completely contradicting these claims, the Hacker, Feder Indutny, who is a member of Node.js, claimed that he had successfully retrieved private security keys using the SSL bug. Later, Cloudfare itself confirmed hacker’s claim :

 

This being confirmed, now there is more frenzy among users using OpenSSL. Cloudfare has recommended people to change their passwords for security concerns.

The hacker later clarified that he won’t be disclosing the code he used to hack until all the security passwords have been changed.


 

With the kind of catastrophe this bug can bring, already displayed, many websites have started updating their security for SSL and have started recommending users to change their passwords, as soon as possible.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.