“Heartbleed” security bug leaves majority of the web vulnerable

A major security flaw called Heartbleed was discovered today by security researchers. OpenSSL, the open-source encryption software library, has a massive bug that affects a majority of the web. The bug allows hackers to uncover personal information without being detected.

It’s a complex security issue but I’ll try to keep it as simple as possible. Heartbleed is going to be an ongoing issue and you should take precautions to protect yourself.

What is OpenSSL?

OpenSSL is an open-source cryptographic library that helps secure web traffic. It protects usernames, passwords, and other information from being eavesdropped on by hackers.

By using OpenSSL, users can be certain that they are contacting the site they intend to and that information exchanged with the site is secure.

What is the Heartbleed bug?

Heartbleed is the code name for the bug that was discovered in OpenSSL. The bug has been around for over two years but wasn’t discovered until now.

The vulnerability compromises the secret keys OpenSSL exchanges with users to encrypt traffic. If a hacker is eavesdropping on a compromised connection, the usernames and passwords they capture will allow them to impersonate you.

The scariest part is that Heartbleed doesn’t let sites and services know if they are compromised or have been compromised in the past. This means your information could have been stolen but you would never know.

Which websites and services are affected?

Over 66% of the web uses OpenSSL so tons of sites are affected. Yahoo!, Imgur, and OkCupid are just a few major sites that are affected. There’s a master list of affected sites at GitHub if you want to check which sites you visit are vulnerable.

Many sites have begun patching the bug but it may be too late. The bug has been around for two years and your information may already be exposed.

What can I do to protect myself?

Not much, unfortunately. Since OpenSSL is implemented by websites and services, it’s up to them to patch the bug.

If you can, avoid going to the sites that are listed on GitHub’s master list. Changing your passwords on those sites won’t help until they’ve fixed the bug. Wait until the site has patched Heartbleed before changing your password.

If a site isn’t listed, you can change your password anyway just to be safe.

All you can do now is wait for sites to patch the bug. It’s a good time to check any suspicious activity on your accounts as well.

Always enable two-factor authentication when possible and use unique passwords for each site and service you sign up for. Password lockers like 1Password and LastPass are great options to generate and keep track of all your passwords.

Source: Heartbleed.com | GitHub | OpenSSL

Via: Lifehacker
