Article content continued

The bug was discovered independently by Neel Mehta of Google Security and a team of security engineers at computer security firm Codenomicon.

“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software,” reads a post on Heartbleed.com, a site established by Codenomicon.

“This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”

Any time that you’re doing something and you see the lock icon in the corner [of your browser] and you think everything is safe … it is not automatically guaranteed

To test if your server has been compromised this site offers a Heartbleed test.

Researchers say the Heartbleed bug could affect thousands of Web and email servers around the world, and one of the largest sites to be affected by the bug is Yahoo.com. (On Tuesday afternoon, Yahoo’s official corporate Twitter feed said the company had fixed the vulnerability across its main properties and was working to secure its entire platform.)

“This is an instance of a security service having the potential of being 100% compromised,” said Seth Hardy, senior security researcher at The Citizen Lab at the University of Toronto’s Munk School of Global Affairs, a cybersecurity research lab based out of the University of Toronto.

“So any time that you’re doing something and you see the lock icon in the corner [of your browser] and you think everything is safe and then you do something like banking or send personal information, it is not automatically guaranteed to be completely broken, but there is a possibility … to give complete compromise of all of that confidentiality and privacy.”