What Is Heartbleed?
Heartbleed is the name they gave a recently discovered internet security hole.
Basically, every time you log into a website with your password, then your computer talks to the internet and shares your password over a secure channel.
This secure channel is known as OpenSSL, which stands for Open Source Secure Socket Layer.
The security hole called Heartbleed is a way for hackers to "listen in" on what computers are sending through the secure channels over the internet.
Here is a list of dangerous things hackers can potentially listen for and collect:
- Some banking and government site passwords.
- Steal passwords from Google, Yahoo, Minecraft, Netflix, Amazon, Flickr, Youtube, Dropbox, Wikipedia, Box, IFTTT, Facebook, Instagram, Tumblr, Pinterest and many more sites.
- Android phone passwords.
- Anything else that is transmitted over OpenSSL.
You can google the word, "heartbleed", and the name of your service, like "google", to see if that service has been compromised. I plan to put up an article soon listing all the servers out there that have been publicly known to be compromised. Check for that later on in my article collection.
What Should You Do Immediately?
It is highly recommended to change ALL your passwords. Yes, dear frantic reader, I mean ALL.
Then, in addition, set a calendar reminder to change them again two months from now. Heartbleed isn't dealt with yet so it is still out there recording passwords. If you change your passwords now, and it is still recording them, then it might learn your new password. That's why I recommend changing your passwords again in 2 months time.
Right now this Heartbleed bug is so new that we all don't really know where this is going to go. With reportedly 2/3's of servers being vulnerable on the internet it is simply best to play it safe.
A good approach would be to change your main passwords first; like Google and Facebook. Oh, and your banking passwords should be changed, of course!
Again, I plan to put up an article soon listing all the servers out there that are publicly known to be compromised. Check for that later on in my article collection.
Good luck and keep your fingers crossed out there!