Renowned security expert Bruce Schneier has called the discovery of the Heartbleed bug a ‘catastrophic’ revelation and suggested it could have been created deliberately to help snoop through firms' data.
The bug, as discussed in the video below, is thought to impact around two thirds of the world’s web servers and made it possible for those aware of the vulnerability to access and remove vulnerable data, without leaving any trace.
Such web servers are used by web giants including Facebook, Yahoo and Google, putting the personal details of millions of web users around the world at risk.
Writing in a blog post about the issue, Schneier (pictured) said it was a 'catastrophic' revelation: "On the scale of 1 to 10, this is an 11. Half a million sites are vulnerable, including my own. Test your vulnerability here.”
He also questioned how such a major issue could have been included in the OpenSSL technology, and suggested that, within the context of the PRISM scandal, intelligence agencies may have played a part.
“At this point, the odds are close to one that every target has had its private keys extracted by multiple intelligence agencies," he said.
"The real question is whether or not someone deliberately inserted this bug into OpenSSL and has had two years of unfettered access to everything."
Schneier noted that while a patch has been issued, this is just the first step required to set about repairing the damage done. "After you patch your systems, you have to update your SSL certificate, and then change every password that could potentially be affected," he noted.
The fallout from the Heartbleed bug is likely to continue for some time as trust in the web continues to suffer, following the PRISM spying revelations from Edward Snowden that have dominated the headlines since summer 2013.
Darktrace pushes machine learning to take some of the pressure off of IT and security teams
Google also gets its hands on HTC's IP in a non-exclusive deal
Microsoft, Google and Samsung all targeted as Avast admits to the scale of the CCleaner compromise
Not all loose ends tied yet, admits Bain backer SK Hynix