For those of you who haven't heard about the Heartbleed Bug, please take a few moments to read on. This may be the most important security story of the year, or maybe ever. After you read, you may want to share this with everyone you know, because it's just that important.
The internet is alive with stories of the Heartbleed bug, which is an OpenSSL security vulnerability that currently affects around two-thirds of all websites on the internet — that's more than 600,000 servers.
What You Need to Know
- This bug has been around for more than two years
- It can allow malicious ne'er-do-wells to eavesdrop on secure traffic and capture information, including user names, passwords, and any other transmitted data
- It also affects popular internet hardware, like Cisco routers and Juniper gear, which many businesses use in their operations
- There is no way to know whether bad guys collected any of our sensitive information or passwords
What You Need to Do
- Check to see if a website you use was affected
- Wait until the site you use patches its servers
- Create a new password at that site
- Use a different password for every site you work with online
- Consider getting a password vault to manage your online credentials
- Beware of phishing messages that try to get you to click on links in response to this security threat. Browse to sites on your own, not by clicking message links.
- Tell your friends about this problem and point them to online articles that educate them on what to do
XKCD Explains Heartbleed
Have any of your sites been affected? Let me know.
[Update 2014-04-11: Added XKCD image and link.]