Secure websites are no considered “secure” according to finding made by Google and Codenomicon.
The tech firms discovered a fatal security flaw on SSL, TLS, and Open SLL secured websites. These sites are usually recognized with a signature padlock and https-colon-double-slash in the address bar and are a standard for use in Ecommerce, banking, email, and social networking sites.
The security flaw codenamed “HeartBleed”, due to the feeling which comes after funds and data has been stolen, is thought to have been around for the last 2 years. The Open SLL standard which is used by both Apache and nginx is considered the more vulnerable of those researched by Google and Finnish security firm Codenomicon.
HeartBleed can be used to stealthy obtain data without leaving a trace. However, with the revelation of the flaw and its nature of not leaving evidence of a breach, researchers are not sure if anyone has taken advantage yet.
Fortunately, most Ecommerce and consumer oriented platforms do not use Open SLL, but other security protocols are still vulnerable to the flaw. Open SLL is mainly used for email clients, chat software and VPNs.
Researchers from the Google and Codenomicon state a fix has been made available since this last Monday, April 7thy 2014, and stongly urge all secure websites to install the patch.
Social network Tumbler has already stated they see no evidence of a data breach. Internet company Yahoo! mentioning they are currently investigating their security standards and working on fix if anything point to data being compromised.