Heartbleed OpenSSL Bug
What to Do About the Heartbleed Security Bug
You've probably heard about the Heartbleed bug, an OpenSSL security vulnerability that exposes your communications and data to users. What's more frightening is that the bug lets attackers impersonate services and users — so you won't know if you've been compromised.
What should I do?
As Reddit user alienth points out, the best thing to do is avoid vulnerable sites altogether until the flaw is patched. Once it is fixed, change your username and password immediately. If you set up a new password before a bug fix, you'll expose yourself to attackers.
Which sites are affected?
Mashable has compiled a comprehensive list of compromised servers as well as updates on whether or not the bug has been "patched" or fixed. Only change your log-in credentials if there is a confirmed OpenSSL patch.
The password management software LastPass is also checking for patches at lastpass.com/heartbleed, which tells users when it's safe to take action.
You can also enter in a specific URL at filippo.io/Heartbleed.
At the time of the Heartbleed bug discovery, over 500,000 sites were vulnerable. Yahoo, Tumblr, Google, and Microsoft are no longer at risk.
Early on Tuesday, this list of vulnerable sites, including OkCupid, 500px, and others, was published. Many of these sites have since patched the issue, but double-check with our test above.
What's OpenSSL?
The padlock in your browser bar means the data on that site is encrypted. The URL will probably start with "HTTPS" instead of "HTTP," indicating that the site is secure. When you log on to your Gmail or bank, for example, you should see this lock icon. The "SSL" part of OpenSSL stands for "Secure Sockets Layer," the line of defense between your computer and a server. If this sounds familiar, it's because Apple experienced a similar SSL security flaw earlier this year. OpenSSL is an open-source encryption software that over two-thirds of the web uses to protect their users.
Any questions? We're sure you have plenty, so leave us a comment below or tweet us at @POPSUGARTech.
Source: LastPass