Several security networks announced Wednesday that there is a security flaw in OpenSSL. In response, numerous sites including Tumblr and Pinterest have asked users to change their passwords. Tumblr states “this might be a good day to call in sick and take some time to change your passwords everywhere — especially your high-security services like email, file storage and banking, which may have been compromised by this bug.”
What is SSL?
SSL is a secure socket layer that is the standard for Internet security, e-commerce and so on. This software gives you security when going about many of your day-today Internet activities such as sending emails. By scrambling data, SSL makes any information that is being sent be unintelligible to anyone other than the sender and the recipient of the data.
According to Heartbleed.com:
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.
SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
In other words, it gives would be hackers the ability to steal data, much of which is stored on sites we would assume are secure. The bug has now been addressed.
However, if you are considering changing your password, any sites that you are planning on accessing online will have to have their certificates up to date, otherwise you could remain vulnerable until they do.
A major concern
There are no two ways about it, the Heartbleed bug is a major concern, and if you are in any way worried about information you store online, the solution is to change your passwords at your earliest convenience.
However, before you start convincing yourself that you are in immediate danger of having all of your personal information stolen while you sleep tonight, there is something you should bear in mind. This bug has been around for two years. It’s not as if it’s only been around for a matter of days and that you are at far greater risk than when you woke up last week.
The reality is, this is a bug that should be taken seriously, and changing all of your passwords may be a prudent course of action. However, the likelihood of you become a victim in the next 24 hours is probably not as high as some scaremongers would have you believe.
That said, it is always better to be safe than sorry and if you have he time to change your passwords today, you should.