A new bug came and went over break, and it wasn’t the spring cold (although that was going around too). Dubbed as Heartbleed, this was one serious security flaw that hit the web in early April.
Actually, that’s not the whole truth. You see, Heartbleed has been around for quite a while: around two years, and was discovered by a team of security engineers from Google and Codenomicon. But what it all boils down to is this: a compromise of privacy.
All those social media companies (Facebook, Twitter, Tumblr) and more than those listed use a form of encryption called OpenSSL, which basically ensures that all the private posting and messaging that you have online stays private. What the Heartbleed bug allows the hacker(s) to do is to read the memory of the systems that use OpenSSL, which means that they can access private information such as passwords and credit cards. This means that there is a compromise of the encryption codes that were put in place to protect sensitive information, and allowed the attackers to steal data directly from the services, instead of the traditional find-the-chink-in-the-wall version.
Fortunately, this bug only affects one version of OpenSSL, and a fix (including a change in password) has already been created. Even so, the fact that such a large security breach went unnoticed for such a long time is worrisome. To be safe, one should change all passwords on social networking sites as well as any google-related accounts. This would be a good idea regardless, but now is definitely the time to make sure that one is secure.
