What is it
It is not a virus; it’s a bug in OpenSSL. It is potentially the largest vulnerability in the history of the internet, affecting an estimated two-thirds of secure websites worldwide.
Heartbleed is:
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
As security expert Bruce Schneier says, “‘catastrophic’ is the right word. On the scale of 1 to 10, this is an 11.”
Very basically – an attacker can move in and out, stealing sensitive data and passwords, and leave zero trace.
The affected sites are the ones that show a little lock icon in the URL bar, which you see when using HTTPS (like email, Facebook or banking).
Learn More
Mashable – here / Bruce Schneier – here / Heartbleed site here
Check if Your Site is Vulnerable
Here – Filippo.io
What to do
Everyone: change your passwords on any sites that may use OpenSSL. Mashable has a list of affected sites here.
Small Business Owners: you need to call your IT guy now. Now. If you are taking credit cards, or any sensitive or private data, you have a responsibility to protect your customers who have trusted you.
Judging eyes :|
A Rant
This Shangri-lala land we’re living in will soon end, maybe with a massive, worldwide compromise that will force us to change the way we conduct ourselves online. One day, you’ll tell your grandchildren of a time when people’s passwords were all the same…
This Heartbleed bug is the beginning of that. Go change your passwords.
</rant>
(via XKCD.com)
Imagination.