RODRIGO BUENDIA/AFP/Getty Images
A computer screen showing a Facebook page on May 10, 2012.
More than half a million Web sites are vulnerable to the “Heartbleed” bug - a major flaw in the security software known as OpenSSL. SSL stands for Secure Socket Layer and it is the technology that establishes a secure encrypted link between a Web server and your browser. In other words, it is what ensures that your information (usernames, passwords, and credit card numbers) travels safely and privately from your browser to the Web server hosting some of your most-frequented Web sites. The “Heartbleed” bug allows potential hackers to steal that “secret” information.
So, what sites have been affected? There’s no way for a server administrator to know if their server has been compromised, so tech experts say they just have to assume that they have been.
But GitHub lists Yahoo, Flickr, and OKCupid among sites that they deem vulnerable. Tools have also popped up online that allow you to search for yourself to see if a Website is at risk.
The “Heartbleed” security flaw went undetected in OpenSSL for two years because using it leaves no trace of anything abnormal happening to the secure encryption logs. How can one know whether personal information has already been intercepted by a hacker? Should I change my password right away? If breaches such as this are an ever-present threat, how can we better protect ourselves in the future?
Seth Rosenblatt, Senior Editor, CNET
Jody Westby, CEO & Founder of Global Cyber Risk, a cybersecurity firm that provides advisory services to corporations and governments in the U.S. and globally. She is also Chair of the American Bar Association's Privacy and Computer Crime Committee