On Monday, a massive vulnerability was found in OpenSSL, the open-source software package broadly used to encrypt Web communications. The vulnerability has been named the Heartbleed Bug. Many are confused about what this bug is, whether they are impacted, and how they can protect themselves. This post will help educate you about the Heartbleed Bug and how you can protect yourself online.
What is the Heartbleed Bug?
The Heartbleed Bug is a vulnerability in the OpenSSL cryptographic library that allows attackers to gain access to highly sensitive information that is normally protected by SSL/TLS encryption. This sensitive information could include usernames, passwords, credit card numbers and communications on virtual private networks (VPNs).
What does it do?
The bug “allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software,” according to Heartbleed.com. The bug specifically compromises the secret keys that OpenSSL uses to encrypt information online, allowing attackers to eavesdrop on communications, steal information and impersonate other users.
Who found it?
The flaw was discovered last week by the Finnish security firm Codenomicon and researchers at Google, and was disclosed on Monday. By Tuesday afternoon a large number of websites stated they had already fixed the problem or were in the process of fixing it.
Are you at risk?
OpenSSL is the most popular open-source cryptographic library and TLS implementation used to encrypt information on the Internet, so the answer is yes, you are probably at risk. Popular social sites, your company’s site, commerce sites, hobby sites, and even government sites use OpenSSL and may be at risk from the Heartbleed Bug.
What should you do to protect yourself?
To protect yourself, experts suggest refraining from accessing the Internet for 2-3 days, specifically avoiding banking websites, email accounts, and social accounts. Since this is not realistic for most of us, experts suggest that you change all of your passwords once the provider has installed the OpenSSL update on their website.
For more information visit www.Heartbleed.com.