What is the Heartbleed OpenSSL Bug, and how can you protect your PC?

heartbleed web bug potentially exposes untold amounts of private data heart bleed

A serious vulnerability in the OpenSSL Internet encryption protocol known as the Heartbleed bug has potentially left the information of most Internet users vulnerable to hackers.

That’s according to a team of Codenomicon researchers, as well as Google Security researcher Neel Mehta. Codenomicon is a Web security firm whose clients include Microsoft, Verizon, and Cisco Systems. The Heartbleed bug reportedly affects as much as 66 percent of the world’s active websites, and has existed for roughly two years.

OpenSSL is a method of encryption employed by many websites that safeguard the data you type into your Web browser. OpenSSL contains a function known as a heartbeat option. With it, while a person is visiting a website that encrypts data using OpenSSL, his computer periodically sends and receives messages to check whether both his PC and the server on the other end are both still connected. The Heartbleed bug means hackers can send fake heartbeat messages, which can trick a site’s server into relaying data that’s stored in its RAM — including sensitive information such as usernames, passwords, credit card numbers, emails, and more.

“Considering the long exposure, ease of exploitation, and attacks leaving no trace, this exposure should be taken seriously,” Codenomicon warns.

The security researchers who uncovered the hole say that hackers who exploit the Heartbleed bug can steal all that and more, even instant messages and business documents. The researchers tested the flaw out for themselves, and discovered that they were able to steal such information without leaving any trace of their attack, and also without the benefit of any “privileged information,” including log-in credentials.

What can you do to protect yourself from the Heartbleed bug?

Aside from avoiding affected sites, which reportedly include Yahoo and OkCupid, and changing your passwords, there’s not much much you can do to safeguard your data. It’s up to individual companies to update their websites and services to use the fixed version of OpenSSL, which plugs the hole left by Heartbleed — stanching the bleeding, so to speak. The researchers that took the wraps off the bug say it’s the responsibility of operating system vendors, software makers, and network hardware vendors to use the new version, which they call FixedSSL.

At this point, both Amazon and Yahoo are working to apply the fix across all of their services, with the latter indicating that they’ve done so across most high-profile web properties, including Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Sports, and more. Meanwhile, Amazon states that it has applied the fix to the majority of its services as well. You can read Amazon’s statement on the matter here.

At this point, it’s unclear how much damage has been done by Heartbleed. In the meantime, here’s a list of sites which have reportedly been affected. Also, the U.S. Department of Homeland Security has published a blog post, offering these tips on how to secure yourself from Heartbleed.

  • “Many commonly used websites are taking steps to ensure they are not affected by this vulnerability and letting the public know. Once you know the website is secure, change your passwords.”
  • “Closely monitor your email accounts, bank accounts, social media accounts, and other online assets for irregular or suspicious activity, such as abnormal purchases or messages”
  • “After a website you are visiting has addressed the vulnerability, ensure that if it requires personal information such as login credentials or credit card information, it is secure with the HTTPS identifier in the address bar. Look out for the “s”, as it means secure.”

Be sure to read our guide to What Websites are affected by the Heartbleed bug and How to Protect Your Android from Heartbleed. We also have a robust list of Android, iOS, and Windows Apps Affected by Heartbleed and Video Game Services Affected by Heartbleed.

What do you think? Sound off in the comments below.

Mobile

Think iPhones can’t get viruses? Our expert explains why it could happen

If your iPhone has been acting strangely, then you may be concerned about the possibility it is infected with a virus or some malware. We take a look at just how likely that is and explain why iOS is considered relatively safe.
Computing

After fourth attack, hacker puts personal records of 26M people up for sale

A serial hacker going by the name of Gnosticplayers is selling the personal data of 26 million people who have been using the services of six different companies from across the world.
Deals

Here are the 5 of the best antivirus solutions for your small business

Getting your business off the ground is hard enough, and dealing with viruses, hackers, and security breaches only makes it harder. These 5 antivirus solutions can help keep you protected.
Smart Home

Who should fix Internet of Things cybersecurity? Congress takes a crack at it

The Internet of Things (IoT) continues to be a murky world of networked gizmos, but Congress is trying to highlight the issue with new legislation that would set cybersecurity standards for these devices.
Computing

Teens using Google Docs as the modern version of passing notes in class

Google Docs is reportedly being used by teens as a secret communications app. Instead of passing notes, students are now using the software's live chat function or comment boxes to talk with their friends while in the middle of classes.
Emerging Tech

A.I.-generated text is supercharging fake news. This is how we fight back

A new A.I. tool is reportedly able to spot passages of text written by algorithm. Here's why similar systems might prove essential in a world of fake news created by smart machines.
Computing

HP’s Omen Mindframe headset keeps your ears chill, but might leave you lukewarm

The Omen Mindframe headset uses HP's FrostCap technology to keep ears cool during long gaming sections. While it delivers on keeping ears cool, it forgets some of the essentials of a quality gaming headset.
Computing

Windows updates shouldn't cause problems, but if they do, here's how to fix them

Windows update not working? It's a more common problem than you might think. Fortunately, there are a few steps you can take to troubleshoot it and in this guide we'll break them down for you step by step.
Computing

Here’s how you can watch today’s Nvidia GTC 2019 keynote live

Nvidia's rumored 7nm Ampere graphics could debut soon. The company will be kicking off its GPU Technology conference at 2 p.m. PT today, Monday, March 18, and you can watch the opening keynote here.
Computing

There’s more space on MySpace after ‘accidental’ wipe of 50 million songs

MySpace is no longer a safe refuge for music and media produced in the 2000s. It said that almost any artistic content uploaded to the site between 2003 and 2015 may have been lost as part of a server migration last year.
Computing

HP’s spring sale cuts prices on the 15-inch Spectre x360 by $270

Looking for a new laptop to start off the spring season? HP has you covered and is currently running a sale that is cutting $270 off the price of the 15-inch touchscreen variant of its Spectre X360 Windows 10 convertible laptop. 
Computing

Intel and Facebook team up to give Cooper Lake an artificial intelligence boost

Intel's upcoming Cooper Lake microarchitecture will be getting a boost when it comes to artificial intelligence processes, thanks to a partnership with Facebook. The results are CPUs that are able to work faster.
Computing

Dodge the cryptojackers with the best torrent clients available today

Looking for the best torrent clients to help you share all of that wonderful legal content you own? Here's a list of our favorite torrent clients, all packed with great features while dodging malware and adverts.
Computing

The Unevn One is a portable desk that brings PC gaming on the road

Bringing a gaming PC outside your usual setup can be a challenge, but the Unevn One is the first all-in-one, portable gaming desk complete with a computer chassis and integrated monitor mount.