The Heartbleed Bug is a massive vulnerability in OpenSSL, also know as SSL/TLS, which thousands of sites online use to protect key user data. Sites like GMail, Facebook, Tumblr, and hundreds of other which use the open source code to encrypt users passwords and other personal information. Software and code have security vulnerabilities which enable people to steal data, but Heartbleed is different because it left large amounts of private user data exposed.
The problem isn’t a design flaw but a problem in the OpenSSL Library, and has now been closed so sites can continue to use OpenSSL. The vulnerable code has been out for two years, but its unclear how long this code has been exploited by people with enough time and know how. Things are still settling but if a site was affected it has alerted users and is asking them to reset them passwords. The good folks at Mashable have started to compile a list of sites affected and not affected.
No one knows if hackers were exploiting the bug, so its hard to measure the real world impact of this security bug. The Target breach was massive but this Heartbleed bug could dwarf the size of that attack. The bug was discovered by an independent security engineers, Codenomicon, and they first reported it to the OpenSSL team.
As its unclear of the real damage, but we would recommend keeping a close eye on your internet accounts as we don’t know if the real danger has passed. The Heartbleed bug has been covered by mainstream media because this bug possessed such a risk to the normal user. Tell us in the comments below what you thought about the Heartbleed bug and if you thought it was as bad as first reported?
Heartbleed , Codenomicon