Amazon, Yahoo, and many other websites are currently on high alert against the "Heartbleed" bug as it can expose a large quantity of data, which was intentionally kept from the public, especially from opportunists.
Heartbleed bug is a flawed encryption tool used by majority of the Internet. According to researchers from Google Inc. and cybersecurity firm Codenomicon, it could have affected about 67 percent of active websites upon its disclosure on Monday.
The bug is within the heartbeat extension of OpenSSL. It permits an attacker to steal the computer memory of up to 64k chunks every time. This indicates that the hacker can always re-access the computer to get more data in different times. Furthermore, private keys used to unlock encrypted data were also compromised because of the flaw.
The only way to be completely protected against this bug is by immediately updating OpenSSL. After that, nullify old keys and generate new ones plus certificates.
"Anyone can reach out to the Internet and scoop out of the data," said Thomas Ptacek, a researcher at Matasano Security in Chicago, to Wall Street Journal. "I can be in my office here. I can be in Estonia."
Meanwhile, about a day after the disclosure of the bug, website operators of big Internet companies like Amazon and Yahoo Inc. were quick to fix the problem.
Though several researchers claimed that they were able to obtain Yahoo usernames and password, a spokesperson for Yahoo told WSJ that they have "made the appropriate corrections."
Amazon, on the other hand, along with e-Bay and Google, seemed to be safe, based on a test ran by a researcher for Qualys Inc., a cybersecurity company.
Researchers revealed that the bug has been present for about a couple of years already. They also revealed ways on how website operators can protect their data, as well as their users'.
Tor Project president Roger Dingledine, on the other hand, advised users to stop using the Internet for the meantime until the security flaw is fully resolved to protect their data and privacy.