Heartbleed Bug Exposes Data on Encrypted Websites
Posted on April 9, 2014
The Heartbleed Bug is a major security flaw that exposes data on servers that were supposed to be secure. Many of the sites that are supposed to be the most secure - the sites beginning with https: that show a padlocked icon in the upper left side of your browser - are vulnerable to the bug. The bug is a coding error in OpenSSL that has been around for two years.
Codenomicon writes on heartbleed.com that you are likely affected directly or indirectly by the bug, as OpenSSL is the "most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet." The L.A. Times reports that 66% of servers use OpenSSL, which is open source code. The Times also says experts are telling people to temporarily avoid online banking.
The error exposes up to 64kb of data from secure servers at a time. This data could include passwords and email addresses. The worst thing about the bug is that IP addresses are not recorded when these random bits of data are taken, so sites can be compromised without web administrators ever knowing.
The bug means people are going to be changing lots of passwords. Those most at risk are people using the same password on multiple sites, which is a big no-no on the Internet. Using the same password on more than one site makes it much easier for a criminal to get into your other accounts once one of your passwords has been compromised. The New York Times Bits blog notes that web users may want to wait until after vulnerable sites have fixed the bug before changing passwords; otherwise you will just have to change them again once the compromised site is updated.