Heartbleed is a scary, scary bug. Without getting into the technical aspects of this recently discovered security hole, it’s an issue with OpenSSL, the security protocol used to encrypt web traffic. How vast is this gaping security hole? According to experts, about 66% of the entire Internet is impacted by Heartbleed.
It sounds terrifying… and it is.
The Wire put together a great comprehensive post explaining what the vulnerability is and how it works, but the most important thing to know is what you should do about it. And unfortunately, for the time being, options are pretty limited and ineffective.
Because this bug exists on numerous hugely popular websites such as Yahoo, Tumblr, OKCupid and Flickr, millions of usernames and passwords may have been exposed as a result of the vulnerability. This also means that until all of these companies update their websites with a new version of OpenSSL that fixes the bug, users will continue to be at risk.
In the meantime, though, there are some steps you can take.
First off, check out this GitHub page for a list of big websites that are or were vulnerable. If you have accounts on any of those sites, change your password immediately. If you use the same password on other sites, change those passwords immediately as well — preferably to something different (everyone should be using a solution like 1Password at this point).
Then, sadly, all we can do is wait. Change your password frequently on sites that are known to be exposed until you confirm that they have updated OpenSSL.
For more, check out The Wire’s post, which is linked below in our source section.