The Heartbleed bug is a real threat. Here's what you should do.
Starting Monday, the internet-connected world was introduced to a new bug, colorfully named Heartbleed, that has exposed about two-thirds of web servers — and probably about a quarter of all sites — to potential pilfering of sensitive, supposedly encrypted information: passwords, credit card numbers, etc. Google engineers discovered the bug last week in the OpenSSL encryption software, then quietly notified OpenSSL, which started secretly helping companies patch the bug before going public amid fears that hackers had discovered the hole, too.
How big of a deal is Heartbleed? "It's easily the worst vulnerability since mass-adoption of the internet," Matthew Prince, CEO of cybersecurity firm CloudFlare Inc., tells The Wall Street Journal. "It's going to be really bad."
How bad? "We don't know to what extent this flaw has been targeted by hackers, we are in the dark here about the extent of how it is been used," David Emm, senior security researcher at Kaspersky Lab, tells CNBC. "We can't quantify the scale of the damage."
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
So, what can you do about it? Unless you're an IT person at a bank or social media service or other websites that relies on OpenSSL encryption, not a whole lot. Those companies have to update their encryption — a process that involves more than just affixing the OpenSSL patch.
Once a vulnerable site is secure again, you should change your password. Seriously, change it. If a site hasn't fixed the encryption problem, changing your password is useless, or worse.
How can you tell? CNET has a list of popular sites and their Heartbleed status. And a company called LastPass has a useful tool where you can enter any website and it will tell you its vulnerability and advise you what to do. For more information about Heartbleed, here's a brief report from CNBC. Good luck. --Peter Weber
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
Peter has worked as a news and culture writer and editor at The Week since the site's launch in 2008. He covers politics, world affairs, religion and cultural currents. His journalism career began as a copy editor at a financial newswire and has included editorial positions at The New York Times Magazine, Facts on File, and Oregon State University.
-
Drake claims illegal boosting, defamation
Speed Read The rapper accused Universal Music of boosting Kendrick Lamar's diss track and said UMG allowed him to be falsely accused of pedophilia
By Rafi Schwartz, The Week US Published
-
'Wicked' and 'Gladiator II' ignite holiday box office
Speed Read The combination of the two movies revitalized a struggling box office
By Peter Weber, The Week US Published
-
Jussie Smollet conviction overturned on appeal
Speed Read The Illinois Supreme Court overturned the actor's conviction on charges of staging a racist and homophobic attack against himself in 2019
By Peter Weber, The Week US Published
-
Quincy Jones, music icon, is dead at 91
Speed Read The legendary producer is perhaps best known as the architect behind Michael Jackson's 'Thriller'
By Peter Weber, The Week US Published
-
OJ Simpson, star athlete tried for murder, dead at 76
Speed Read The former football hero and murder suspect lost his battle with cancer
By Rafi Schwartz, The Week US Published
-
Momofuku's 'Chili Crunch' trademark uproar
Speed Read The company's attempt to own the sole rights has prompted backlash
By Rafi Schwartz, The Week US Published
-
Kevin Hart awarded Mark Twain Prize
Speed Read He is the 25th recipient of the prestigious comedy prize
By Peter Weber, The Week US Published
-
Is Downton Abbey set to return for a final film?
Speed Read Imelda Staunton reveals that a third movie may be in the pipeline
By Adrienne Wyper, The Week UK Published