The Heartbleed bug is a real threat. Here's what you should do.


Starting Monday, the internet-connected world was introduced to a new bug, colorfully named Heartbleed, that has exposed about two-thirds of web servers — and probably about a quarter of all sites — to potential pilfering of sensitive, supposedly encrypted information: passwords, credit card numbers, etc. Google engineers discovered the bug last week in the OpenSSL encryption software, then quietly notified OpenSSL, which started secretly helping companies patch the bug before going public amid fears that hackers had discovered the hole, too.
How big of a deal is Heartbleed? "It's easily the worst vulnerability since mass-adoption of the internet," Matthew Prince, CEO of cybersecurity firm CloudFlare Inc., tells The Wall Street Journal. "It's going to be really bad."
How bad? "We don't know to what extent this flaw has been targeted by hackers, we are in the dark here about the extent of how it is been used," David Emm, senior security researcher at Kaspersky Lab, tells CNBC. "We can't quantify the scale of the damage."
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
So, what can you do about it? Unless you're an IT person at a bank or social media service or other websites that relies on OpenSSL encryption, not a whole lot. Those companies have to update their encryption — a process that involves more than just affixing the OpenSSL patch.
Once a vulnerable site is secure again, you should change your password. Seriously, change it. If a site hasn't fixed the encryption problem, changing your password is useless, or worse.
How can you tell? CNET has a list of popular sites and their Heartbleed status. And a company called LastPass has a useful tool where you can enter any website and it will tell you its vulnerability and advise you what to do. For more information about Heartbleed, here's a brief report from CNBC. Good luck. --Peter Weber
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
Peter has worked as a news and culture writer and editor at The Week since the site's launch in 2008. He covers politics, world affairs, religion and cultural currents. His journalism career began as a copy editor at a financial newswire and has included editorial positions at The New York Times Magazine, Facts on File, and Oregon State University.
-
June 3 editorial cartoons
Cartoons Tuesday's political cartoons include RFK Jr. and the CDC, Elon Musk's DOGE exit, and Donald Trump versus academic freedom
-
Gaza Humanitarian Foundation: the group behind Gaza's controversial new aid programme
The Explainer Deadly shootings and chaotic scenes have been reported at aid sites after US group replaced UN humanitarian organisations
-
Is UK's new defence plan transformational or too little, too late?
Today's Big Question Labour's 10-year strategy 'an exercise in tightly bounded ambition' already 'overshadowed by a row over money'
-
Shakespeare not an absent spouse, study proposes
speed read A letter fragment suggests that the Shakespeares lived together all along, says scholar Matthew Steggle
-
New Mexico to investigate death of Gene Hackman, wife
speed read The Oscar-winning actor and his wife Betsy Arakawa were found dead in their home with no signs of foul play
-
Giant schnauzer wins top prize at Westminster show
Speed Read Monty won best in show at the 149th Westminster Kennel Club dog show
-
Beyoncé, Kendrick Lamar take top Grammys
Speed Read Beyoncé took home album of the year for 'Cowboy Carter' and Kendrick Lamar's diss track 'Not Like Us' won five awards
-
The Louvre is giving 'Mona Lisa' her own room
Speed Read The world's most-visited art museum is getting a major renovation
-
Honda and Nissan in merger talks
Speed Read The companies are currently Japan's second and third-biggest automakers, respectively
-
Taylor Swift wraps up record-shattering Eras tour
Speed Read The pop star finally ended her long-running tour in Vancouver, Canada
-
Drake claims illegal boosting, defamation
Speed Read The rapper accused Universal Music of boosting Kendrick Lamar's diss track and said UMG allowed him to be falsely accused of pedophilia