
New hacking challenge shows Heartbleed is as bad as we thought

You’ll have been hearing a lot about the Heartbleed bug this week, and it’s now been confirmed that the vulnerability can be used to nab private security keys from a server. That means a rogue site could pose as a genuine one, and neither you nor your browser would be any the wiser.

A quick recap: Heartbleed allows hackers to ping vulnerable servers for all kinds of sensitive information, including email addresses, passwords and credit card numbers. At first, there was some debate about whether this information could include private SSL keys, in many ways the most valuable data for a hacker; now we have confirmation that it can.

White-hat hackers Fedor Indutny and Ilkka Mattila successfully took on the Heartbleed hacking challenge laid down by Web performance and security company CloudFlare. “We confirmed that both of these individuals have the private key and that it was obtained through Heartbleed exploits,” said CloudFlare.

Having access to these private keys means hackers can return to steal more information even after the Heartbleed exploit has been closed: it’s akin to having the keys to a car rather than having to smash through the window. Only when server security certificates are updated (i.e. the locks are changed) will the bad guys be foiled, and that’s going to take some time.

Big-name companies including Google, Yahoo and Dropbox are scrambling to update their systems to close the Heartbleed loophole, but the danger is far from over. Stay tuned to our lists of apps and websites that are affected for details of how to protect yourself, and follow any prompts to reset your passwords that you receive from the online services you use.

[Image courtesy of Heartbleed.com / Karen Blaha]

David Nield
Former Contributor
Dave is a freelance journalist from Manchester in the north-west of England. He's been writing about technology since the…