I am sure you have seen on almost every part of the Internet about a massive security bug called Heartbleed. This security hole is not new in fact it has been around for a 
couple of years. The hole was just recently discovered and action was taken by all to get a patch applied to their servers within hours. As far as is known, the vulnerability was never actually exploited because of the timely response of all the affected companies. The response to fix this exploit was amazing.
Heartbleed is a major security flaw that is various versions of openSSL. What happens is the information that is encrypted has been stored in a temporary location after it has been encrypted. A hacker that knew of the security flaw could then access this information in the temporary location. Pretty much anybody on the Internet had access to this information but they just did not know about it.
The flaw was so bad that a hacker could get not only passwords and log in information but also encryption keys to unlock even more sensitive data. The list could go on and on. Hackers can even set up fake duplicate websites using the information that was obtained from the temp folders. It is very hard for me to imagine how a security flaw of this magnitude could go unchecked for a couple of years without being found.
Like I said, if there is a ray of good news about this exploit, it appears that the security hole has never been breached or used. The extremely fast response from the affected parties helped get the exploit fixed in a timely fashion. The speed of this action probably helped in keeping any of the bad guys from obtaining information since the holes were patched so quickly.
Many large sites such as Yahoo were affected but I have heard that they are now patched. To err on the side of caution, I strongly recommend you change all your sensitive passwords, especially to those of financial institutions; to be sure nobody can access this sensitive data. The good news is that most financial institutions have a multi layer security plan in place so anybody trying to access your information would have to also know personal things about you in order to get in. This factor would make it more difficult to get into your accounts.
Unlike most exploits, there is absolutely nothing the end user of a computer can do to prevent this security hole. The responsibility lies totally on the owner of the server. Since nobody knows for sure if any information was actually stolen or what websites were compromised, experts are warning folks to change all your passwords. Every password for every site you have a log in for. For many of us, this can be a daunting task so start with the most important and work your way down.
Most of the major websites were at one time vulnerable and that list includes Facebook, Google, Yahoo, Gmail, Yahoo Mail, GoDaddy, Dropbox, Pinterest and more. I must emphasize that these sites are now patched and safe to use. Some sites such as AOL, Linkedin and Ebay were never vulnerable since they do not use SSL.
Thankfully most of the major players are now patched and I am sure there are still some out there that are vulnerable. Websites that do not require logins were not affected even if their server had the vulnerability. In review, simply change your passwords for all your sensitive information. If you follow that simple rule you should have nothing to worry about.
Posted By, Ross A Deprey
Leave a Reply