Heartbleed Vulnerability/BugApril 11, 2014
What’s all this about Heartbleed?
On April 7, researchers found a flaw in a popular tool used to secure Internet traffic. That tool, called OpenSSL, is responsible for providing security on the Internet. The bug, named Heartbleed, allows an attacker to capture usernames, passwords and other information. OpenSSL is not used by every website, so many are not affected by this vulnerability.
Why does this matter?
Some sites on the Internet rely on OpenSSL to protect secure traffic. At least 500,000 servers world-wide appear to be affected by the bug, and some personal computers and mobile devices are also affected. Until the bulk of affected computers are fixed, or “patched,” any secure site (e.g., https://) on the Internet is potentially dangerous to visit. Many companies are sending out communications to their customers giving them a status update “all clear” or “not vulnerable.” In fact, a tool has been produced to test websites to see if they are vulnerable (http://filippo.io/Heartbleed/).
What should I do?
Do not panic. While this is a serious vulnerability, server administrators around the world are working around the clock to reduce the risk. Nevertheless, there are some things you can do while the world catches up:
What about Google, Facebook & Other Social Media sites?
Most of the big social media have issued statements regarding the status of their sites. See the Mashable Heartbleed Hit List article below for more information about many of the larger sites that have released information.
Mashable Heartbleed Hit List: The Passwords You Need to Change Right Now