What to do about Heartbleed, a gaping security hole affecting 66 percent of the Internet (at least)

What to do about Heartbleed, a gaping security hole affecting 66 percent of the Internet (at least)

There’s a security flaw in one of the basic encryption tools used by a huge number of websites, and it probably affects you.

Just to be safe, you should probably change your passwords. All of them.

The flaw goes by the appropriately scary name “Heartbleed,” and it affects OpenSSL, a data encryption library used by — potentially — more than two-thirds of the Internet’s websites.

In short, the bug means that attackers can “listen in” on communications between those websites and the browsers visiting them.

“Considering the long exposure, ease of exploitation and attacks leaving no trace this exposure should be taken seriously,” the researchers wrote on Heartbleed.com.

If any malicious people knew about the bug before it was first widely publicized yesterday, they could have been using it to snoop on supposedly secure browser-server communications for as long as two years — since the first vulnerable version of OpenSSL appeared in December 2011. That means the bad guys may already have your passwords.

A list posted to Github early today lists a large number of sites whose servers were vulnerable to the Heartbleed exploit, including Yahoo.com, Stackoverflow.com, Outbrain.com, OKCupid.com, Steamcommunity.com, Slate.com, Entrepreneur.com, and many more. Many of those sites may have since been fixed.

 

 



Source: Venturebeat - Read the original article here

Author: Daily Tech Whip

This article is part of our 'News Tiles' service. The site is currently in Beta. When it is fully operational you will be able to search through and arrange the 'Tiles' to display a keyword, product or technology over your chosen time period. For example you would be able to display all of the leading tech articles on the new Kindle Fire, in one spot in real time. You will also have access to our own original reporting and analysis as well as a polished place to post your own thoughts & reviews here, amongst the Daily Tech Whip Community. Please let us know if you have any feedback via the contact form or via Twitter. Don't forget to come back next week and see our full site and claim your name and your own free tech blog.

Share This Post On