Earlier this week a security bug has been discovered in a popular cryptographic software (OpenSSL) widely used to secure the internet putting millions of passwords, personal information and credit card numbers at risk.
Why is Heartbleed such a big deal?
Heartbleed affects the encryption technology used by companies to protect online accounts for banking, email, instant messaging and e-commerce.
How does it work?
Heartbleed creates an opening in SSL/TLS (an encryption technology used, marked by the small padlock and “https” on websites to show traffic is secure). The bug makes it possible to snoop on the traffic between the website and the web browser even when showing “https” and the closed padlock.
What do I do if I own a website?
Get your website administrator to verify your website is not affected by this bug. A fixed version of OpenSSL has been released, but it is up to the administrator to apply it. They can read more here http://heartbleed.com/ You can run a check yourself, but this might not be 100% accurate.
How do you protect yourself?
You will need to change your password, but until those sites have applied the fix there is no use. It would be up to the companies affected to inform you that they have applied the fix.
To give you an idea, Yahoo Inc. has more than 800 million users around the world, said that most of its popular services affected had been fixed but work it still being done on other services they have not identified.
Regards,
Rene Els
Elscomm
Toms Blog on Life and Livingness