Starting Monday, the internet-connected world was introduced to a new bug, colorfully named Heartbleed, that has exposed about two-thirds of web servers — and probably about a quarter of all sites — to potential pilfering of sensitive, supposedly encrypted information: passwords, credit card numbers, etc. Google engineers discovered the bug last week in the OpenSSL encryption software, then quietly notified OpenSSL, which started secretly helping companies patch the bug before going public amid fears that hackers had discovered the hole, too.
How big of a deal is Heartbleed? "It's easily the worst vulnerability since mass-adoption of the internet," Matthew Prince, CEO of cybersecurity firm CloudFlare Inc., tells The Wall Street Journal. "It's going to be really bad."
How bad? "We don't know to what extent this flaw has been targeted by hackers, we are in the dark here about the extent of how it is been used," David Emm, senior security researcher at Kaspersky Lab, tells CNBC. "We can't quantify the scale of the damage."
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
So, what can you do about it? Unless you're an IT person at a bank or social media service or other websites that relies on OpenSSL encryption, not a whole lot. Those companies have to update their encryption — a process that involves more than just affixing the OpenSSL patch.
Once a vulnerable site is secure again, you should change your password. Seriously, change it. If a site hasn't fixed the encryption problem, changing your password is useless, or worse.
How can you tell? CNET has a list of popular sites and their Heartbleed status. And a company called LastPass has a useful tool where you can enter any website and it will tell you its vulnerability and advise you what to do. For more information about Heartbleed, here's a brief report from CNBC. Good luck. --Peter Weber
-
Florida erases rainbow crosswalk at Pulse nightclubSpeed Read The colorful crosswalk was outside the former LGBTQ nightclub where 49 people were killed in a 2016 shooting
-
Trump says Smithsonian too focused on slavery's illsSpeed Read The president would prefer the museum to highlight 'success,' 'brightness' and 'the future'
-
Trump to host Kennedy Honors for Kiss, StalloneSpeed Read Actor Sylvester Stallone and the glam-rock band Kiss were among those named as this year's inductees
-
White House seeks to bend Smithsonian to Trump's viewSpeed Read The Smithsonian Institution's 21 museums are under review to ensure their content aligns with the president's interpretation of American history
-
Charlamagne Tha God irks Trump with Epstein talkSpeed Read The radio host said the Jeffrey Epstein scandal could help 'traditional conservatives' take back the Republican Party
-
CBS cancels Colbert's 'Late Show'Speed Read 'The Late Show with Stephen Colbert' is ending next year
-
Shakespeare not an absent spouse, study proposesspeed read A letter fragment suggests that the Shakespeares lived together all along, says scholar Matthew Steggle
-
New Mexico to investigate death of Gene Hackman, wifespeed read The Oscar-winning actor and his wife Betsy Arakawa were found dead in their home with no signs of foul play
