Heartbleed bug got you down? You have a right to be worried, especially since it’s been in existence for two years and security researchers just discovered it this month.
Heartbleed is a flaw in OpenSSL, a data encryption program that’s used by 66 percent of all sites on the Internet. When a website needs to transmit data that needs to be protected, OpenSSL provides a secure line and scrambles the transmission so it appears as gibberish to anyone except the person receiving the data. And when two computers are communicating with each other, one of them will sometimes send a small packet of data called a “heartbeat” that requires a response, assuring the transmitting computer that its counterpart is still there.
But because of a programming error, hackers can now manipulate the program and send a hidden packet of data to another computer. The receiving computer thinks the data is legitimate and responds with data stored in its memory, data that may include all manner of things you don’t want others to get their hands on—think passwords, user names, bank account and credit card numbers and much more.
The good news is that flaw has been fixed: the bad news is that many sites haven’t yet upgraded to the software that is bug-free. But as sites begin updating, the problem should get better in the near future. You can check whether a site you’re visiting has or hasn’t upgraded to the flaw-free program by going to http://filippo.io/Heartbleed/. If the site in question is affected, don’t log into it until it’s been upgraded. If it has been upgraded, go ahead and change your user names and passwords, and that should keep your personal data safe.
Learn more on how to create effective passwords.