The big news in the tech world this week is the discovery of the “Heartbleed” vulnerability (http://heartbleed.com/). As a generation we are used to hearing about vulnerabilities, stolen passwords, anonymous attacks and so on. Heartbleed, so named because data leaks from the affected service, is different from the usual password harvesting. Heartbleed is serious. A lot more serious.
What is Heartbleed?
Without trying to get too technical, the issue relates to a software library called OpenSSL. OpenSSL is cryptographic software that encrypts data between your computer and the website you are browsing. It encrypts the information you send so that anyone who intercepts it can’t easily read it. OpenSSL is probably the most popular encryption library and is used not just by online banking and merchant sites, but also by email sites, instant messaging applications and even whole computer networks. The vulnerability basically means that someone can compromise the secret keys used to encrypt your information. With these keys, they can decrypt the information and read it clearly. As you can probably tell, this is a big problem.
Who has been affected?
OpenSSL is a software library that has been used by many types of internet sites and services. Social network sites such as Facebook and Twitter have been affected, along with many of Google’s services (Gmail, YouTube and Google Play) as well as Yahoo! Many popular services such as Dropbox and Soundcloud were also affected. A list of all the sites affected and their current status can be found here. As the affected library is used by so many websites, it’s possible that almost all Internet users will be affected.
What should I do?
What action you should take depends on the service. The standard reaction is to log into each service and change your password straight away. While this is of course recommended, for services that are still affected it could be a pointless exercise, as your data is still vulnerable until the service is patched. Thankfully, some of the popular sites above were notified and had patched the issue before it became public knowledge, and will force you to sign in to the site again, changing your password in the process. To help keep your account secure, many sites such as Gmail offer a two-step sign-in process, so activating this will help. On top of this, be aware of any unusual online activity and pay attention to any emails you get from online services. Fortunately many sites have been able to patch the issue, some before it went public, but it’s now important to be vigilant and aware of all your online accounts.
Over to you.
What do you think? Are you worried about the Heartbleed bug?