Many internet users may not have heard about the Heartbleed bug which is a security bug that have been around for about two years. Few weeks ago, security researchers announced that OpenSSL had a security flaw that allowed hackers to extract massive amounts of data from some of the most common internet services. These are the services we often assume to be secure, including Facebook and Gmail. The bug makes the machines powering online services and typically transmitting secure information vulnerable.
What is it?
The Heartbleed bug is a flaw that exists in OpenSSL, which is the open-source encryption standard used by most websites to transmit secure and private users’ data. The encryption allows a secure line of data transmission by making it nonsensical to anyone except the intended recipient.
What does it do?
Randomly, for security purposes, a computer confirms that there’s actually another computer at the other end of the secure connection. It therefore sends out what is referred to as a Heartbeat, a small data packet requesting a response. Due to a programming flaw in the OpenSSL implementation, researchers found that hackers could send a similar packet, but what it really does is to trick the computer on the other end into sending data stored in its memory.
What’s the risk?
The flaw has been in OpenSSL for about 2 years using a code that does not leave a trace. The data at risk is the kind of information stored in the active memory of web servers. This includes, usernames, passwords, content that users upload to different services, and credit card numbers.
Am I affected?
The problem goes beyond your personal devices to the software powering the services you are using; therefore, you may be directly or indirectly affected since OpenSSL is used to encrypt most internet traffic, such as social media websites and government services sites.
What should I do?
To protect yourself, assume your accounts may have been compromised and change your online passwords, particularly for high-impact services such as your email and banking logins.
Please note that in some instances, some websites have yet to upgrade to software that is bug free, so changing your passwords may not solve the issue at this point, however, OpenSSL developers were made aware of the flaw beforehand and the vulnerability was fixed before the public announcement. As such, the heartbleed bug may no longer be as prevalent as major service providers should already have updated their websites.