Heartbleed Security Flaw Found in Web Encryption, Spurs Fix

Researchers have pushed out a fix for a security flaw that affects as many as two-thirds of all Internet servers and could let hackers intercept encrypted traffic including e-mail messages, banking information, usernames and passwords.

The flaw and the fix, which researchers disclosed on April 7, involves a two-year-old programming mistake in OpenSSL. OpenSSL is an open-source software that is widely used by Internet companies to secure traffic flowing between servers and users’ computers. SSL refers to an encryption protocol known as Secure Sockets Layer and its use is indicated by a closed padlock appearing on browsers next to a website’s address.