Internet security experts revealed earlier this week that they have discovered a bug plaguing the internet that may have put over 66 percent of the web at risk for credit card, password and personal information leaks.
Named the Heartbleed Bug by the researchers and experts who discovered it, the security flaw affects the SSL (Secure Sockets Layer) security protocol of the internet, specifically the OpenSSL implementation.
SSL encrypts your login credentials and personal information whenever you log into a website. Although there are different implementations of SSL made by different software makers, OpenSSL is used by over two-thirds of the currently active websites across the globe.
What’s alarming is that the Heartbleed Bug managed to stay undetected for over two years, until its recent discovery. Although Facebook, Twitter, Google, Microsoft and Dropbox weren’t affected, Yahoo was, along with OKCupid and Flickr.
Internet expert Ronald Prins of Fox-IT even tweeted the other day that by running the Heartbleed bug script, he was able to extract Yahoo usernames and passwords. Yahoo said in a statement: “As soon as we became aware of the issue, we began working to fix it. Our team has successfully made the appropriate corrections across the main Yahoo properties (Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr, and Tumblr) and we are working to implement the fix across the rest of our sites right now. We’re focused on providing the most secure experience possible for our users worldwide and are continuously working to protect our users’ data.”
There’s no ultimate way to protect ourselves. Until affected websites adopt the necessary fix, the only thing we can do on our end is to change our online account passwords.
To check whether a website is vulnerable to the Heartbleed bug, there’s a simple online tool known as the Heartbleed Test, published by developer and cryptography consultant Filippo Valsorda. Because the tool isn’t a hundred percent reliable, you can also check affected sites’ official blogs and Twitter feeds to learn their current status.