Yesterday an enormous vulnerability was announced impacting OpenSSL, the open-source software package extensively used to encrypt Web communications. It has been named the Heartbleed Bug. Many have questions about what this bug is, how it will impact them, and what they should do to protect themselves online. Hopefully this post will help you answer these questions and more about the Heartbleed Bug.
What is the Heartbleed Bug?
The Heartbleed Bug is a vulnerability in the OpenSSL cryptographic library that permits attackers to access highly sensitive data that is normally protected by the SSL/TLS encryption methods. This sensitive data includes usernames, passwords, credit card numbers and information on virtual private networks (VPNs).
What does it do?
This noxious Bug “allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software,” according to Heartbleed.com. The bug compromises the secret keys OpenSSL utilizes to encrypt online communications. With access to these secret keys, attackers are able to eavesdrop on communications, impersonate other users and steal information.
Who discovered it?
The Bug was uncovered late last week by the Finnish security firm Codenomicon and analysts at Google, who then revealed it on Monday. By mid-day Tuesday many websites stated they had already addressed the issue, or were in the process of upgrading their websites' OpenSSL.
Are you at risk?
OpenSSL is the most commonly used open source cryptographic library and TLS implementation for encrypting data on the Internet, so the answer is yes, you are likely at risk. Popular social sites, your organization’s site, hobby and interest websites, commerce or shopping websites and even government sites use OpenSSL and therefore may be impacted by this Bug.
What should you do to protect yourself?
Experts suggest that refraining from using the Internet for 2-3 days, specifically from accessing social sites, banking sites, and email accounts, will give you the ultimate level of protection against the Heartbleed Bug. This is not realistic for most of us, so it is suggested that you change all of your passwords once the OpenSSL update has been installed on the impacted website.
For more information visit www.Heartbleed.com.