Holy shit! So every day, you use websites encrypted using OpenSSL to order things online, do your taxes, pay your bills, etc… Well for the past 2 years, your information has been susceptible hackers by means of a vulnerability known as “The Heartbleed Bug.” The news just broke yesterday. I didn’t know anything about it until I received an email from my bank stating:
[We are] aware of the “Heartbleed” bug. We are evaluating the situation and are prepared to execute any changes, if necessary, as quickly as possible. We are committed to protecting the security and integrity of your personal information and we will continue to update you if any further action is needed.
Now I found that a little disturbing. Enough so that I decided to dig a little and find out what this Heartbleed Bug was. This is what I found published yesterday on Time Magazine’s website:
Internet security experts are scrambling to assess the extent of the breach caused by a massive bug called Heartbleed in the OpenSSL technology that runs encryption for two-thirds of the web and went unnoticed for two years until last week
Naturally, as a person who runs his own websites, I was a little disturbed to say the least. Especially when I used this site to test whether or not my servers were susceptible to the attack. Low and behold, they were. Well my Linux-loving brethren were pretty snappy about putting out a fix. I patched my server and tested again to verify that it was, indeed, fixed. Not that my web servers are host to any potentially dangerous information, but it’s the principal.
So what should you do? Chances are, you haven’t been affected. It’s not the same as someone hacking into a server to steal information. It’s more like a hacker being able to peek in occasionally, and only see a tiny snapshot of what the server was processing at that exact same moment. However, it may be prudent to protect yourself. This article has some pretty sound advice on what to do.