Recently, a major security vulnerability named “Heartbleed” has made headlines around the world. This is a severe vulnerability stemming from a coding mistake in a widely used security utility called OpenSSL.
The bug affects the encryption technology designed to protect your sensitive data on the Internet, like usernames, passwords, emails and payment details.
This is a flaw in the OpenSSL encryption code, not a virus that can be stopped by a user’s security software. It stems from a vulnerability in the SSL heartbeat, which keeps a secure connection alive without the need to renegotiate the SSL session (hence the name). Because this vulnerability affects servers rather than users’ devices, businesses and webmasters are urgently updating to the latest version of OpenSSL, which has fixed the problem.
The severity of the Heartbleed vulnerability cannot be overstated: a lot of major websites and applications use OpenSSL, and you are very likely to have been affected by this vulnerability.
So what do you need to do?
- Right now, the best thing you can do is wait to be notified about affected services and patches, or you can investigate this list provided by Mashable, which has some well-known brands listed.
- If you’d like to investigate whether or not a website you visit has been affected, you can use this tool.
- Reset your password for every online service affected by Heartbleed. But beware: you should only change your password after the affected business has fixed its servers to remove the Heartbleed vulnerability. Changing your passwords before a company’s servers are updated will not protect your credentials from being leaked, and many are now being actively targeted.