An OpenSSL vulnerability was made public on April 7th, 2014, it is considered one of the large security threats ever seen. OpenSSL is the security cryptographic software library used by a large amount of open source web servers; up to 66% of the web might be using OpenSSL to encrypt passwords according to Netcraft’s April 2014 Web Server Survey.
What is vulnerable?
Usernames, passwords and anything else that is being transferred via OpenSSL can be taken.
What can I do?
Unfortunately this is a server-side bug so it doesn’t really matter what’s going on in your computer, phone or tablet. What you can do is after the websites have patched the exploit you should change your passwords. You should also check into your server providers and make sure they’ve updated their OpenSSL and patched the exploit.
What sites are affected?
A lot of them. You can use this site to check on the server’s status http://filippo.io/Heartbleed/.
Here’s a quicklist of sites that may be vulnerable via Digital Trends:
- Yahoo Mail
- Intuit Turbo Tax
Is Interface safe?
Yes we’ve made sure our servers are not affected by the Heartbleed Bug, the versions of OpenSSL we ran never included the bug in the first place. Your information is safe if you’ve been using our services.
If you have any questions feel free to leave comments below!