SAN FRANCISCO - Trust in the Internet took a major blow on Tuesday as alarm spread that software commonly used to encrypt and secure online transactions could wind up giving away the store.
Computer security specialists, website masters, and fans of online privacy were worriedly abuzz with word of a freshly-discovered flaw in online data-scrambling software that hackers can turn to their advantage.
A bug dubbed "Heartbleed" in OpenSSL encryption software lets attackers illicitly retrieve passwords and other bits of information from working memory on computer servers, according to cyber-defence specialists at Fox-IT.
"Expect everybody who runs an https web server to be scrambling today," the Tor Project said in a warning posted at its website.
"If you need strong anonymity or privacy on the Internet, you might want to stay away from the Internet entirely for the next few days while things settle," it said.
OpenSSL is used to protect passwords, credit card numbers and other data coursing through the Internet.