This is a SERIOUS bug that was discovered yesterday, April 7, 2014, and it is not to be taken lightly by anyone.
You see, any web site you log into that uses https (Hypertext Transfer Protocol Secure) instead of http, such as your bank, credit card companies, any site where you purchase items, Facebook, Twitter, and the list goes on and on, has a serious vulnerability because of the Heartbleed Bug.
On Wikipedia you can read more about HTTPS, and I think they now need to change this:
HTTPS creates a secure channel over an insecure network. This ensures reasonable protection from eavesdroppers and man-in-the-middle attacks, provided that adequate cipher suites are used and that the server certificate is verified and trusted.
BUT now those secure channels have become vulnerable because of the Heartbleed Bug!
What is Being Leaked by the Heartbleed Bug?
- Encryption Keys/Secret Keys of the vendors (possibly your bank, PayPal, etc.)
- Your credentials (user names and passwords)
- Anything protected by encryption (personal or financial details, private communication such as emails or instant messages, and documents)
- Leaked collateral (other details exposed to attacker)
Have the HTTPS Sites You Use Been Compromised?
However, you can check the https sites you use, and any domain, at Heartbleed Test (I’m not sure how accurate and reliable this test is – anyone know or care to comment?). And according to Heartbleed.com: “Considering the long exposure, ease of exploitation and attacks leaving no trace this exposure should be taken seriously.”
Is there a Fix to the Leak?
- Yes; however, your compromised vendors will need to apply the fix. (I phoned security/development at PayPal and I was told “at this time there are no reports we have been compromised” – should we all call the rest of our vendors?)
- Change your usernames and passwords (I write mine in pencil in an address book) for all the https sites you use (hence the nosebleed!) and then change them often. As the Professor said in class, “if you have been using the same passwords for longer than two years, you need to change it now!”
I’d love to hear from you by leaving a comment below and letting us all know what you’ve read, know, or other fixes/suggestions for the Heartbleed Bug.