The Heartbleed bug is a real threat. Here's what you should do.
Starting Monday, the internet-connected world was introduced to a new bug, colorfully named Heartbleed, that has exposed about two-thirds of web servers — and probably about a quarter of all sites — to potential pilfering of sensitive, supposedly encrypted information: passwords, credit card numbers, etc. Google engineers discovered the bug last week in the OpenSSL encryption software, then quietly notified OpenSSL, which started secretly helping companies patch the bug before going public amid fears that hackers had discovered the hole, too.
How big of a deal is Heartbleed? "It's easily the worst vulnerability since mass-adoption of the internet," Matthew Prince, CEO of cybersecurity firm CloudFlare Inc., tells The Wall Street Journal. "It's going to be really bad."
How bad? "We don't know to what extent this flaw has been targeted by hackers, we are in the dark here about the extent of how it is been used," David Emm, senior security researcher at Kaspersky Lab, tells CNBC. "We can't quantify the scale of the damage."
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
So, what can you do about it? Unless you're an IT person at a bank or social media service or other websites that relies on OpenSSL encryption, not a whole lot. Those companies have to update their encryption — a process that involves more than just affixing the OpenSSL patch.
Once a vulnerable site is secure again, you should change your password. Seriously, change it. If a site hasn't fixed the encryption problem, changing your password is useless, or worse.
How can you tell? CNET has a list of popular sites and their Heartbleed status. And a company called LastPass has a useful tool where you can enter any website and it will tell you its vulnerability and advise you what to do. For more information about Heartbleed, here's a brief report from CNBC. Good luck. --Peter Weber
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
Peter has worked as a news and culture writer and editor at The Week since the site's launch in 2008. He covers politics, world affairs, religion and cultural currents. His journalism career began as a copy editor at a financial newswire and has included editorial positions at The New York Times Magazine, Facts on File, and Oregon State University.
-
Will Donald Trump wreck the Brexit deal?
Today's Big Question President-elect's victory could help UK's reset with the EU, but a free-trade agreement with the US to dodge his threatened tariffs could hinder it
By Harriet Marsden, The Week UK Published
-
Marine Le Pen's fake jobs trial
The Explainer The far-right French leader could face a fine, jail time, and a five-year ban from public office if found guilty of embezzlement
By Abby Wilson Published
-
How to earn extra cash for Christmas
The Explainer The holiday season can be expensive but there are ways to bolster your festive finances
By Marc Shoffman, The Week UK Published
-
Quincy Jones, music icon, is dead at 91
Speed Read The legendary producer is perhaps best known as the architect behind Michael Jackson's 'Thriller'
By Peter Weber, The Week US Published
-
OJ Simpson, star athlete tried for murder, dead at 76
Speed Read The former football hero and murder suspect lost his battle with cancer
By Rafi Schwartz, The Week US Published
-
Momofuku's 'Chili Crunch' trademark uproar
Speed Read The company's attempt to own the sole rights has prompted backlash
By Rafi Schwartz, The Week US Published
-
Kevin Hart awarded Mark Twain Prize
Speed Read He is the 25th recipient of the prestigious comedy prize
By Peter Weber, The Week US Published
-
Is Downton Abbey set to return for a final film?
Speed Read Imelda Staunton reveals that a third movie may be in the pipeline
By Adrienne Wyper, The Week UK Published
-
'Oppenheimer' sweeps Oscars with 7 wins
speed read The film won best picture, best director (Christopher Nolan) and best actor (Cillian Murphy)
By Peter Weber, The Week US Published
-
'Rust' armorer convicted of manslaughter
speed read The film's cinematographer Halyna Hutchins was shot and killed by actor Alec Baldwin during rehearsal
By Peter Weber, The Week US Published
-
The Beatles are getting 4 intersecting biopics
Speed Read Director Sam Mendes is making four separate movies, each told from the perspective of one band member
By Peter Weber, The Week US Published