Alert: Heartbleed Bug Threatens Popular Websites!
On April 7th, a new bug on the Internet was discovered that's putting millions of users' personal data at risk. Given the name "Heartbleed bug," it's capable of allowing infiltrators to collect information while you are securely browsing a SSL/TLS website. Since SSL/TLS is so widely used, it's very probably that your personal data is at risk.
What the Heartbleed bug essentially does is render privacy in the OpenSSL cryptographic library obsolete. Two of the biggest and most publicized websites affected that utilize OpenSSL security are sites associated with Google and Yahoo. These sites are getting the most media attention in regards to Heartbleed, but the fallout actually goes beyond these two sites and touches on every single website that uses OpenSSL security--which equates to more than two-thirds of all websites in the world!
The Heartbleed bug only applies to version 1.0.1 and 1.0.2 of OpenSSL. This vulnerability allows hackers to obtain private keys needed to view, and even steal, private information associated with a user's breached account. If your online accounts are affected and your identity is stolen, then you will be in for a world of heartache.
At this point, you and millions of users around the world are asking the big question, "How could something like this happen?" Apparently, the problem lies not in the SSL/TLS specifications, but rather, the vulnerability stems from an implementation problem. It turns out that a programming mistake is responsible for leaking information from services and applications using OpenSSL. Typically, a bug of this nature is detected and fixed as soon as it's found (which is why it's so important to update your software). However, this bug wasn't taken care of, and to make matters worse, this particular bug has been exposing sensitive data to hackers going all the way back to December 2012.
How do you know if you've been hit by the Heartbleed bug? Unfortunately, you can't know for sure. The bug leaves no trace of a hacker's activity, which means that you won't know that you've been hit until:
- Charges show up on your credit card statement.
- You find yourself locked out of your accounts.
- You see a bogus loan taken out in your name.
- You find yourself victimized by any other of the fallouts associated with identity theft.