When big names on the Internet like Tumblr are urging password changes, it’s probably an okay time to worry. Internet security experts are swarming to assess the security breach caused by a software bug called Heartbleed, found in OpenSSL technology, which runs encryption for over two-thirds of the web.
What is Heartbleed?
Heartbleed is a security flaw in the popular OpenSSL cryptographic software library, discovered by security firm Codenomicon and Google Security, that puts sensitive information, such as emails, passwords and credit card data, at risk.
What is OpenSSL?
OpenSSL is encryption software that websites use to secure the Internet. It provides communication privacy for web applications like websites, email, banking, credit cards, file storage, instant messaging and some private networks. You’ve seen that little lock next to an HTTPS URL in your web browser. That’s OpenSSL.
Why is this a big deal?
Heartbleed is different from other recent online security breaches in that over two-thirds of the Internet uses OpenSSL software in some way. To make things worse, this bug went unnoticed for over two years.
Have I been affected by it?
Most likely, you’ve been affected directly or indirectly. Since OpenSSL is the most popular open source cryptographic library implementation used to encrypt traffic on the Internet, the websites you visit daily are vulnerable.
How can I protect myself?
This is the trickiest part. While experts work to code a patch, your information is still up for grabs. So, even if you change your password, a website that uses OpenSSL still has the Heartbleed bug until a fix is found. Many large consumer websites are safe, but smaller services or those that have upgraded to the latest encryption are at risk. So, a password change couldn’t hurt, but might not necessarily help.
A Heartbleed test has been created that allows you to type in a website name to determine if it’s safe. For the tech-savvy, check out this website to find out more about the Heartbleed bug.