If you’ve been perusing the Internet over the past 24 hours, you’ve likely come across headlines about the Heartbleed bug and how your data could be at risk. It’s even being called “one of the biggest security threats the Internet has ever seen.” Because of this bug, hundreds of websites may have exposed your sensitive account information (such as passwords and credit card numbers), though exact details are still being sorted out.
The Bad News: The security vulnerability behind Heartbleed originated back in December 2011, with many companies using software packages containing this glitch beginning in May 2012, according to Mashable.com. “So for two years, any app, website, bank or private messaging app that uses OpenSSL has been vulnerable to this bug,” Mashable’s Christina Warren said.
What’s OpenSSL? In layman’s terms, software that implements the cryptographic protocol that secures and protects sensitive Web communications. (Looking for more technical details? Click here.) You know how certain websites have “https:” instead of “http:” preceding their URLs? That’s where OpenSSL comes in.
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
The Good News: Several media outlets are reporting that most hackers weren’t made aware of the Heartbleed bug until this week, significantly reducing the chances of foul play, and many Internet companies have already updated their servers and installed security patches, which means you simply need to change your password as soon as possible. BUT, it’s important not to change your password before you can confirm a website installed a patch – or you’ll just be leaving your new password as vulnerable as your old one. (Mashable is continuously updating a list of companies and their patch status here. You can also check a company’s website, as they’ll likely be posting about this.)
Even More Good News: Building Engines clients have nothing to worry about! None of our data was compromised.
Unfortunately, some of the companies that have been affected include Facebook, Gmail, Yahoo Mail, Dropbox, and Amazon Web Services. So keep checking the status of patches and get creative with some new passwords!
For more on The Heartbleed Bug, click here.