Heartbleed Part 1: Does it affect me?
Directly or indirectly, you are likely to have been affected by Heartbleed. The social media sites you use, your company's site, internet shopping sites, even sites run by the Government are possibly vulnerable. Facebook, Instagram, Yahoo, Dropbox and many others were all affected...
So what is Heartbleed? When you establish a secure connection to a website, e-mail, social networking, instant messaging etc your information is protected using encryption. Here's a simple explanation from xkcd.
Heartbleed is a serious encryption flaw in the OpenSSL cryptographic software library, perhaps the most widely deployed encryption library on the Internet. A simple explanation of the security flaw: Put simply, the flaw enables anyone on the internet to read a small block of memory of a machine that is protected by a vulnerable version of the Open SSL library.
Worst case, this could contain something sensitive like a username or password, or even the secret key that is used by the server to keep your connection encrypted. Click here for detailed information. Another great explanation from xkcd:
As exploiting Heartbleed leaves no trace, there is no way to tell if a server has been hacked and what kind of data was stolen. Your passwords and other personal information may have been compromised from any website affected by the vulnerability. In order to be as protected as possible, we recommend that you change the passwords for the accounts that are most critical to you immediately.
The most important thing is to make sure you use different passwords on each and every website, because if your password is stolen on one site, it will not impact other sites.
This was true before Heartbleed and is even more relevant today.Now might be the time to go through all of your accounts will security in mind and revise your password policy. Part 2 of our Heartbleed blog post gives some steps to take to secure your digital life online.
Banner Image Credit: "snoopsmaus" via Flickr Creative Commons