Heartbleed OpenSSL Vulnerability, What Does it Mean for You?

The Heartbleed OpenSSL vulnerability has received much press as of late but what does it mean for you?  Let’s take a quick look at what is Heartbleed, what it’s impacting, and what you can do to protect yourself!

What is Heartbleed?

Heartbleed is a software vulnerability specific to a particular process, called OpenSSL, used to encrypt data on the internet.  This vulnerability was inadvertently coded into OpenSSL starting in early 2012 so the issue has been heartbleedaround for a while.

When two computers talk to each other over a secure channel over the internet one computer will occasionally send a signal to check if the other computer is still connected to ensure the communication should continue.  This is described as a heartbeat, which is where the exploit receives its name.

What does Heartbleed affect?

Microsoft based services are unaffected as they do not use OpenSSL, they use a similar process known as SChannel which is not susceptible to the Heartbleed vulnerability.

However, there are many websites using non-Microsoft technologies that do employ OpenSSL and may be vulnerable.  A few of the top websites that could be affected are Facebook, Instagram, Pinterest, Tumblr, Google, and Yahoo.  This is just some of the websites that could be affected.

If you have an account on affected website there is a possibility your password has been compromised.  Due to the nature of this vulnerability it is difficult or impossible for a company to accurately detect if a password has for sure been compromised.

How can I protect my information?

It is strongly recommended that if you have an account on a potentially compromised website that you change your password.  However, be sure you do not change your password on that site until they have issued a statement that a patch has been installed to protect against Heartbleed.  If you change your password prior to the patch being put in place your new password will be vulnerable as well.

Check mashable.com for a full list of websites that may be affected and if you should change your password.