Skip to main content
  1. Home
  2. Computing
  3. Legacy Archives

New hacking challenge shows Heartbleed is as bad as we thought

Add as a preferred source on Google

You’ll have been hearing a lot about the Heartbleed bug this week, and it’s now been confirmed that the vulnerability can be used to nab private security keys from a server. That means a rogue site could pose as a genuine one, and neither you nor your browser would be any the wiser.

A quick recap: Heartbleed allows hackers to ping vulnerable servers for all kinds of sensitive information, including email addresses, passwords and credit card numbers. At first, there was some debate about whether this information could include private SSL keys, in many ways the most valuable data for a hacker; now we have confirmation that it can.

Recommended Videos

White-hat hackers Fedor Indutny and Ilkka Mattila successfully took on the Heartbleed hacking challenge laid down by Web performance and security company CloudFlare. “We confirmed that both of these individuals have the private key and that it was obtained through Heartbleed exploits,” said CloudFlare.

Having access to these private keys means hackers can return even after the Heartbleed exploit has been closed to steal more information — it’s akin to having the keys to a car rather than having to smash through the window. Only when server security certificates are updated (i.e. the locks are changed) will the bad guys be foiled, and that’s going to take some time.

Big-name companies including Google, Yahoo and Dropbox are scrambling to update their systems to close the Heartbleed loophole, but the danger is far from over. Stay tuned to our lists of apps and websites that are affected for details of how to protect yourself, and follow any prompts you receive to reset your passwords from the online services you use.

[Image courtesy of Heartbleed.com / Karen Blaha]

David Nield
Former Contributor
Dave is a freelance journalist from Manchester in the north-west of England. He's been writing about technology since the…
Apple’s M6 chip isn’t even here yet, but you’ll see M7 Macs early in 2027
Apple is reportedly already accelerating its next-generation silicon roadmap, even before the M6 has launched.
Apple MacBook

The M6 chip is still expected to debut later this year, but Apple may already be preparing for what comes next. According to Mark Gurman's latest report for Bloomberg, the company is aiming to introduce its first M7-powered devices as early as the first half of 2027, hinting at a much faster silicon refresh than many expected.

M7 could arrive alongside new Macs and iPads

Read more
The entry-level MacBook Pro could get a design refresh in 2027, and it’s about time
Five years on the same chassis, and now both tiers of the MacBook Pro are getting a new look at once.
MacBook Pro in space grey sitting on a desk.

Apple has a new MacBook Pro lined up for launch early next year, according to Bloomberg. The company will introduce a 14-inch laptop in the first half of 2027. 

The biggest surprise, however, will be a brand-new design language. The outlet describes it as "a revamped entry-level MacBook Pro, code-named K104."

Read more
Study finds humans will talk to AI ghosts of the dead as reincarnations, and it’s pretty grim
The first AI ghost study is in. The results are about as complicated as you'd expect.
VR Headset, Person, Face

A new study from the University of Colorado Boulder confirms something that sounds both impressive and concerning. People find interacting with AI simulations of their dead loved ones deeply meaningful, and most will come away wanting to do it again.

The researchers call it a "generative ghost," which is a clear reference to generative AI, but I’d still prefer to call it unsettling.

Read more