The Heartbleed Bug sparked widespread fear and panic as it potentially affected millions of online users and their personal information, including bank account data. But now, it appears OpenSSL has been hit again, and observers are pushing for more information about what possible breach, or breaches, have taken place over the past week.

Some have even gone so far as to argue this security breach could be worse than Heartbleed, which has many fearful over the future of Internet safety and security.

The popular OpenSSL has been discovered to have a "man-in-the-middle vulnerability" that potentially could leave many users' information at risk.

But more experienced security experts have said while the risks are great and the potential for a massive breach exists, the lack of ease of accessing a database likely makes it less scary than the Heartbleed Bug.

A hacker must run a system between a web browser or SSL-enabled client program in order to have access to the security hole. Most believe few will go to the trouble of attempting to exploit the security flaw as it would be time consuming and arduous.

Still, experts are calling for OpenSSL to look closely at current systems and to upgrade existing software as soon as possible.

Chris Camejo, director of Assessment Services for NTT Com Security, said in an e-mail interview with ZDNet, "It's bad because it has been around for a long time and looks to be fairly widespread."

He added that "if exploited it would allow the attacker to decrypt traffic. This is serious given that the whole point of SSL is to encrypt traffic and it is widely used to protect passwords, credit card numbers, and all other manner of sensitive transactions that happen on web sites as well as certain email connections."

On top of this there are also fears the security flaw could be exploited by governments and agencies to spy directly on individuals online.

Tatsuya Hayashi, the researcher who found one of the critical bugs, told the Guardian that the latest flaw "may be more dangerous than Heartbleed" as it could be used to directly spy on people's communications.

For now, there is still no evidence that the systems have been attempted to be broken into and while the flaw is serious and efforts are currently being made to fix it, online data appears to be safe. At least for the moment.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion