The HeartBleed Bug Runs Rampant!
The big news this week in the tech world is the HeartBleed exploit. OpenSSL is used by many websites to secure their web traffic. Secure Sockets Layer (SSL) provides encryption that websites use to protect the flow of data.
However, Open Source is “taking it on the chin” from a lot of corners that were already opposed to Open Source in the first place. The accusation is that because OpenSSL is an Open Source project, with so many people having eyes on the source code, exploits are easier to develop. In fact, the opposite is actually true! The more eyes that are on the source code, the easier it is to find holes and patch them. However, as my colleague at work, whom I’ve chosen to call “JoeBob Not-his-real-name,” says: “Anything created by man is inherently flawed.”
The HeartBleed bug, known by the rather difficult-to-say name CVE-2014-0160, has been out on the Internet for the last two years, and there’s even some speculation that the NSA has been exploiting the bug for some time to gather information from websites.
Whether this is true or not, it is true that this exploit lets a hacker read the usernames and passwords of anyone who uses the websites that are using OpenSSL.
This is a HUGE problem, and for this reason you need to change your passwords immediately on all sites that use OpenSSL. Among those are Facebook, Gmail, and Twitter.
So, get out there and change those passwords! And, oh, by the way, you should be using something like LastPass to provide very secure passwords for all of your websites, which you can then access with a single password to your LastPass account!