Written by: Joseph Albahari
Are your passwords safe? That depends on when you last changed them.
On April 7, it was made public that the security of the Internet was compromised by the Heartbleed bug.
Heartbleed, or CVE-2014-0160 as it is technically named, is an OpenSSL security bug that has affected about 17 percent of the Internet’s websites. The bug allows attackers to obtain information such as user cookies and passwords.
OpenSSL is a software library that websites use to encrypt data, including the usernames and passwords sent to them.
The name Heartbleed, coined by the security company Codenomicon, comes from the heartbeat extension in OpenSSL that the bug exploits.
According to heartbleed.com, the bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, including the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users, and even impersonate services and users.
“Some might argue that [heartbleed] is the worst vulnerability found (at least in terms of its potential impact) since commercial traffic began to flow on the Internet,” Joseph Steinberg, Forbes writer, said.
Some major sites that may have been affected include Facebook, Instagram, Pinterest, Tumblr, Twitter, Yahoo and Google. Websites that have confirmed that they were affected include healthcare.gov, Netflix, Minecraft and YouTube.
Users are advised to change their passwords for protection against the theft of their information. If you think you should change your password, go ahead and do it just in case.
A new version of OpenSSL has been developed and distributed to websites so that they can update and protect their users. Many websites, such as Tumblr, posted notices urging users to change their passwords while their tech teams worked on updating their SSL security.
Changing passwords is all users can do to protect themselves from this bug until all sites have updated their OpenSSL.
Mashable.com has compiled a list of all websites that have been affected by the bug for users to refer to.