The Heartbleed flaw in OpenSSL, the internet encryption software, has been scaring the technology world all week, as it could affect millions of web servers around the world.

The flaw affects software in open source web servers like Apache and Nginx - around two thirds of web sites are hosted on such servers.

A fix has been issued and companies have been advised to check their systems and apply it, but it is unclear how much damage has been done.

A number of technology heavyweights have already advertised their clean bill of health and issued guidance for customers. Amongst them, Amazon has gone through AWS, Google has applied patches to its key services, and others have done the same.

OpenSSL contains a function known as the heartbeat option. While someone is visiting a website that encrypts data using OpenSSL, their computer exchanges messages, known as heartbeat messages, with the server to check that it is still connected.

The Heartbleed flaw means that hackers can fake heartbeat messages and steal highly sensitive information like passwords, user names, credit card details and so on.
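As an added illustration (not code from OpenSSL or from this article), the C sketch below shows the bounds check a heartbeat handler needs so that a faked message cannot make it echo more data than was actually received. The message layout (1-byte type, 2-byte length, payload, at least 16 bytes of padding) is taken from RFC 6520, which the article does not describe; the function names and sample messages are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat message types (RFC 6520) */
#define HB_RESPONSE 2
#define HB_HEADER   3   /* 1-byte type + 2-byte payload length */
#define HB_PADDING  16  /* minimum padding after the payload */

/* Payload length the sender claims (big-endian field after the type byte). */
static size_t hb_claimed_len(const unsigned char *rec) {
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Bytes beyond the received record that an echo trusting the claimed length
 * would read. Returns 0 when the claim fits (or the header is missing). */
size_t hb_excess(const unsigned char *rec, size_t rec_len) {
    if (rec_len < HB_HEADER) return 0;
    size_t need = HB_HEADER + hb_claimed_len(rec) + HB_PADDING;
    return need > rec_len ? need - rec_len : 0;
}

/* Build the echo reply into out. Returns the reply length, or 0 when the
 * request is silently discarded (too short, wrong type, length mismatch). */
size_t hb_respond(const unsigned char *rec, size_t rec_len,
                  unsigned char *out, size_t out_cap) {
    if (rec_len < HB_HEADER || rec[0] != HB_REQUEST) return 0;
    size_t payload = hb_claimed_len(rec);
    size_t reply = HB_HEADER + payload + HB_PADDING;
    /* The bounds check: the claimed length must fit inside what arrived. */
    if (reply > rec_len || reply > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, payload);
    memset(out + HB_HEADER + payload, 0, HB_PADDING); /* real stacks use random padding */
    return reply;
}

int main(void) {
    /* Constructed samples: an honest 4-byte "ping" and a 1-byte payload claiming 16384. */
    unsigned char ok[23] = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
    unsigned char bad[20] = {HB_REQUEST, 0x40, 0x00, 'x'};
    unsigned char out[64];
    printf("honest: reply=%zu excess=%zu\n", hb_respond(ok, sizeof ok, out, sizeof out), hb_excess(ok, sizeof ok));
    printf("faked:  reply=%zu excess=%zu\n", hb_respond(bad, sizeof bad, out, sizeof out), hb_excess(bad, sizeof bad));
    return 0;
}
```

A non-zero `hb_excess` value is also a usable detection signal: a legitimate client has no reason to claim more payload than it sent.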

Motty Alon, director of Security solutions at Radware, said that the episode highlights the downside of open source security components.

“In past events, where such earth-shaking vulnerabilities were found, there was a vendor that would pay for the collateral damages that the vulnerability created. Who would pay for the collateral damages of this open-source vulnerability? It is likely to be the users that are using OpenSSL,” Alon said.

Others view the events of the past week as a potential business opportunity.

Mateo Meier, founder of Swiss data hosting company ArtMotion, said his company has already applied security patches to its servers.

“As a Swiss company, we can already benefit from the fact that the country falls outside of US and EU regulation,” Meier said.

“Global organisations are turning to 'Silicon Switzerland' to entrust important data, especially in light of the recent NSA and GCHQ scandals. With trust already low in US cloud storage companies, we expect trust levels will decrease even further after the Heartbleed bug.”