The Heartbleed bug in OpenSSL, a widely used software library, has been causing catastrophes for developers all over the world. Before you dismiss this as something that affects only nerdy software programmers doing things the average person would consider barely comprehensible, you should consider this: the Heartbleed bug could affect as many as two-thirds of the world’s web servers.
Clearly this is a very significant and malignant bug, but what are the true consequences of Heartbleed? In most conventional security breaches, malicious hackers circumvent a site’s security and essentially download a raft of encrypted usernames and passwords from the host server. This can be effective, but it can also pose massive problems for the hackers if people have used passwords that are difficult to crack. Heartbleed is potentially far more dangerous and intrusive, as it enables attackers to grab information in relatively tiny chunks as it’s being transmitted through a server.
While some solace can be derived from the fact that a hacker would have to be logged on to a site at the exact time that you enter credit card or other private information, this is negated to a large extent because it has been shown that the Heartbleed bug can enable usernames and passwords to be grabbed in an unencrypted form.
This all sounds very alarming, and like something which could affect virtually everyone in the world, or conservatively billions of people. News of the Heartbleed bug could lead Internet users all over the world to rush to change every single one of their passwords as quickly as they possibly can.
No need for panic!
Well, such panic is not particularly worthwhile. The onus is really on server providers to fix this problem: any attempt to change passwords will ultimately prove quite futile, because Heartbleed will still enable malevolent hackers to grab unencrypted information in the right circumstances. Instead, this issue must be cured at the server level, and doubtless huge efforts are currently underway to ensure that this is the case across the Internet’s biggest sites.
Also, before worrying about the situation unduly, it would be a good idea to check whether or not sites that you visit are actually affected by this bug. If you visit this page then you can enter server information and be informed whether or not it is affected by Heartbleed. Naturally, many of the world’s biggest and most sophisticated websites will be clean, so this should be some small form of comfort for those worrying about their intimate information being purloined.
With administrators all over the world currently working on shoring up security for their sites, this problem may be an annoying one, but it probably won’t be enduring. In many cases, the process will involve acquiring new security certificates and keys from a Certificate Authority. Nonetheless, it would be wise to tread carefully with your web surfing for the time being.
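For administrators, the server-side check and follow-up described above can be sketched as follows. This is an added example, not part of the original article: the affected range (upstream OpenSSL 1.0.1 through 1.0.1f and the 1.0.2 betas before beta2, fixed in 1.0.1g) is not stated in the article, and the function names, version strings and dates are constructed for illustration.

```python
import re
from datetime import date

# Upstream OpenSSL releases affected by Heartbleed (CVE-2014-0160):
# 1.0.1 through 1.0.1f, plus 1.0.2-beta and 1.0.2-beta1. Fixed in 1.0.1g
# and 1.0.2-beta2. The 0.9.8 and 1.0.0 branches never had the heartbeat code.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]?)(?:-(beta\d*))?")


def in_affected_range(version_string):
    """True if the upstream version number falls in the Heartbleed range.

    Assumption: the string is an unmodified upstream version. Distributions
    often backport fixes without changing it, so treat True as "verify",
    not as proof of exposure.
    """
    m = _VERSION_RE.search(version_string)
    if not m:
        raise ValueError("no OpenSSL version found in %r" % version_string)
    major, minor, fix = (int(g) for g in m.group(1, 2, 3))
    letter, beta = m.group(4), m.group(5)
    if (major, minor, fix) == (1, 0, 1):
        return letter <= "f"  # "" (plain 1.0.1) sorts before "a"
    if (major, minor, fix) == (1, 0, 2):
        return beta in ("beta", "beta1")
    return False


def remediation_steps(version_string, cert_not_before, patched_on):
    """List the server-side work still outstanding (hypothetical helper)."""
    steps = []
    if in_affected_range(version_string):
        steps.append("upgrade OpenSSL")
    # A key that sat in memory while the server was vulnerable may have been
    # exposed, so a certificate issued before the patch date needs replacing.
    if patched_on is None or cert_not_before < patched_on:
        steps.append("generate new key and reissue certificate")
    return steps


if __name__ == "__main__":
    # Constructed sample: unpatched server with a certificate from 2013.
    print(remediation_steps("OpenSSL 1.0.1e 11 Feb 2013", date(2013, 6, 1), None))
```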