Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

What is the Heartbleed OpenSSL Bug, and how can you protect your PC?

A serious vulnerability in the OpenSSL Internet encryption protocol known as the Heartbleed bug has potentially left the information of most Internet users vulnerable to hackers.

That’s according to a team of Codenomicon researchers, as well as Google Security researcher Neel Mehta. Codenomicon is a Web security firm whose clients include Microsoft, Verizon, and Cisco Systems. The Heartbleed bug reportedly affects as much as 66 percent of the world’s active websites, and has existed for roughly two years.

Recommended Videos

OpenSSL is a method of encryption employed by many websites that safeguard the data you type into your Web browser. OpenSSL contains a function known as a heartbeat option. With it, while a person is visiting a website that encrypts data using OpenSSL, his computer periodically sends and receives messages to check whether both his PC and the server on the other end are both still connected. The Heartbleed bug means hackers can send fake heartbeat messages, which can trick a site’s server into relaying data that’s stored in its RAM — including sensitive information such as usernames, passwords, credit card numbers, emails, and more.

“Considering the long exposure, ease of exploitation, and attacks leaving no trace, this exposure should be taken seriously,” Codenomicon warns.

The security researchers who uncovered the hole say that hackers who exploit the Heartbleed bug can steal all that and more, even instant messages and business documents. The researchers tested the flaw out for themselves, and discovered that they were able to steal such information without leaving any trace of their attack, and also without the benefit of any “privileged information,” including log-in credentials.

What can you do to protect yourself from the Heartbleed bug?

Aside from avoiding affected sites, which reportedly include Yahoo and OkCupid, and changing your passwords, there’s not much much you can do to safeguard your data. It’s up to individual companies to update their websites and services to use the fixed version of OpenSSL, which plugs the hole left by Heartbleed — stanching the bleeding, so to speak. The researchers that took the wraps off the bug say it’s the responsibility of operating system vendors, software makers, and network hardware vendors to use the new version, which they call FixedSSL.

At this point, both Amazon and Yahoo are working to apply the fix across all of their services, with the latter indicating that they’ve done so across most high-profile web properties, including Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Sports, and more. Meanwhile, Amazon states that it has applied the fix to the majority of its services as well. You can read Amazon’s statement on the matter here.

At this point, it’s unclear how much damage has been done by Heartbleed. In the meantime, here’s a list of sites which have reportedly been affected. Also, the U.S. Department of Homeland Security has published a blog post, offering these tips on how to secure yourself from Heartbleed.

  • “Many commonly used websites are taking steps to ensure they are not affected by this vulnerability and letting the public know. Once you know the website is secure, change your passwords.”
  • “Closely monitor your email accounts, bank accounts, social media accounts, and other online assets for irregular or suspicious activity, such as abnormal purchases or messages”
  • “After a website you are visiting has addressed the vulnerability, ensure that if it requires personal information such as login credentials or credit card information, it is secure with the HTTPS identifier in the address bar. Look out for the “s”, as it means secure.”

Be sure to read our guide to What Websites are affected by the Heartbleed bug and How to Protect Your Android from Heartbleed. We also have a robust list of Android, iOS, and Windows Apps Affected by Heartbleed and Video Game Services Affected by Heartbleed.

What do you think? Sound off in the comments below.

Konrad Krawczyk
Former Computing Editor
Konrad covers desktops, laptops, tablets, sports tech and subjects in between for Digital Trends. Prior to joining DT, he…
OpenAI is releasing an AI that can control your PC — if you cough up $200
The ChatGPT name next to an OpenAI logo on a black and white background.

OpenAI may be one step closer to releasing its agent tool, called Operator, which is on track for January 2024 availability.

The artificial intelligence company first announced the Operator AI agent in November 2024, explaining that the browser-based tool is autonomous and is able to complete tasks on a computer without human assistance. OpenAI added that Operator would be first available as a research preview within the $200 ChatGPT Pro subscription plan.

Read more
OpenAI’s Advanced Voice Mode can now see your screen and analyze videos
Advanced Santa voice mode

OpenAI's "12 Days of OpenAI" continued apace on Wednesday with the development team announcing a new seasonal voice for ChatGPT's Advanced Voice Mode (AVM), as well as new video and screen-sharing capabilities for the conversational AI feature.

Santa Mode, as OpenAI is calling it, is a seasonal feature for AVM, and offers St. Nick's dulcet tones as a preset voice option. It is being released to Plus and Pro subscribers through the website and mobile and desktop apps starting today and will remain so until early January. To access the limited-time feature, first sign in to your Plus or Pro account, then click on the snowflake icon next to the text prompt window.

Read more
New AI tool can tell you how to get what you want — from other AIs
a phone displaying the ChatGPT homepage on a beige bbackground.

AI chatbot company WiseOx has launched a new AI tool to help people communicate more effectively with AI. Named Pronto, this "AI Mascot" is specifically trained in prompt writing -- in other words, it's here to tell you what to say to other AIs so you can (hopefully) get the results you want.

We all know what coding is -- it's the way we give instructions to a computer so it can understand and produce the desired results. With large language models (LLMs), we can give our instructions in natural human language, but it turns out there are still effective and ineffective ways to do this.

Read more