Heartbleed Bug–What You Need to Know

April 9, 2014, Written By Bill Hardekopf

Software designed to provide extra security for websites has been found to have a significant flaw that has left consumers’ personal data vulnerable to theft by hackers.

The Heartbleed Bug is a flaw found in OpenSSL, a cryptographic program that digitally encodes secure data as it is sent to and from computer servers so that the service provider and the intended recipients are the only parties who can read it.

When you see the padlock in your browser, the website you are visiting may be using this program. Other versions of this type of program exist, but only the OpenSSL version has the flaw.

Unfortunately, OpenSSL is popular and websites such as Yahoo did use the technology to guard their sites. It is estimated that up to 2/3 of all sites may have been affected by the bug.

Google Security and Codenomicon, a security firm in Finland that discovered the bug, said Monday that the bug has existed in the software for two years. It could be exploited to reveal the secret keys that identify service providers using OpenSSL.

If attackers copied these keys, they could steal the names and passwords of people using these websites and copy their data. They could then set up fake sites that would appear real because they used the stolen keys.

Consumers seem to be assaulted every day with news of security breaches, but this one may be major because of the sheer number of websites that are vulnerable.

Thus far, there have been no widespread reports of hackers using data from this breach, but to be on the safe side, many experts are recommending that consumers change passwords on financial accounts.

There is nothing that needs to be done on your personal computer because the flaw is with the websites.

If you are concerned about whether a website you frequent is vulnerable, you can test it using this free tool.



The information contained within this article was accurate as of April 9, 2014. For up-to-date information on any of the terms, cards or offers mentioned above, visit the issuer's website.