Heartbleed: What You Need To Know About The Massive Internet Security FlawCecily Kellogg
If you’re not a technology security expert, it can be easy to disregard the OpenSSL cryptographic software library security flaw called Heartbleed. Admit it just seeing the term “Open SSL” is enough to cause your eyes to glaze before even reading the rest. But this is a huge issue that can affect everyone in your family.
Here’s a simple breakdown.
We often share private information online in emails, or on shopping sites where you provide your credit card information trusting the sites when they say they protect your private information. You know a site is safe when you see the little lock next to the place you provide your private data.
OpenSSL is that lock, in a manner of speaking, and on March 14, 2012, someone created a bug that allows a hacker to get what is known as “crown jewels” the encryption keys that protect your information.
So are you affected? Here’s what the Heartbleed information site that exposed the flaw states:
“You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company’s site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL. Many of online services use TLS to both to identify themselves to you and to protect your privacy and transactions. You might have networked appliances with logins secured by this buggy implementation of the TLS. Furthermore you might have client side software on your computer that could expose the data from your computer if you connect to compromised services.”
So does this mean you should run out and change all your passwords? The answer is a complicated maybe. Some sites, like Yahoo, have claimed that they’ve patched the flaw so you can likely safely change your passwords (I know my Yahoo sign-in is used for Flickr, and Flickr has my credit card info on file thanks to the old days of Flickr Pro).
This is still a developing story, but you can expect that most of the places you have private information stored will work quickly to repair this leak, so plan to change your passwords in the next few days for the major sites. And remind your kids too everyone needs to do it.