Website owners far and wide scramble to fix a major vulnerability
This has been one of the busier weeks in recent history for IT workers and web admins. Earlier this week, researchers discovered a major flaw in OpenSSL, an open source encryption technology that's used by an estimated two-thirds of the world's websites. They're calling it "Heartbleed." By exploiting the bug, cybercriminals can comb through a server's memory and pluck sensitive user data, including usernames, passwords, credit card numbers, and more.
Hackers can also exploit the vulnerability to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users, according to Heartbleed.com, a special website built by Finnish security firm Codenomicon. The website is intended to answer questions about the vulnerability.
The good news here is that an updated version of OpenSSL plugs the security hole. However, not every website operator knows about the patch, and some are not even aware of Heartbleed.
"You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company's site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL," Heartbleed.com explains.
Changing your passwords is recommended, but wait until each website you log into confirms that it has fixed the issue, because a new password entered on a server that is still vulnerable can be exposed in the same way. While bigger sites are likely aware of the issue, smaller hobby sites that you visit might not be, so you might even want to reach out to them. It's also a good idea to keep a close eye on your financial statements in the immediate future, if you're not doing so already.