Tech

Sites Affected By Heartbleed Bug You Should Change Your Passwords For

Heartbleed
(Photo : PHOTO: HEARTBLEED.COM) Newly discovered security bug exposes millions of usernames, passwords and credit card details on thousands of sites.

If you haven't already heard, a massive Internet security bug was recently discovered. The bug, named Heartbleed, is a flaw that affects one of the most commonly used encryption software programs in the world.

Basically every server or site that wants to send information in an encrypted fashion uses some cryptographic protocol, and there is a number of them, such as SSH and SSL.

Like Us on Facebook

Wickr Set To License Its Encryption Technology To Other Messaging Apps

OpenSSL is an open source protocol that works fine and is used on Linux machines as well as many Unix/Windows machines since it's built in C, quick and free.

Unfortunately, there's a bug that allows a hacker to intercept encrypted information.

According to Heartbleed.com, how it works is that there's a routine where the server and client send and resend (echo) information to make sure they're both there.

The method used to do it is fine; however, there's a field where the server asks the user to define the size of a particular packet of info - this is where the bug lies. You can lie to the server and give an invalid packet size, allowing you to leak into nearby information, which in many cases is precisely passwords and such.

It's a simple bug but it's pervasive in the sense that at least 60 percent of the secure internet probably uses OpenSSL.

Many major websites affected, including Google, Facebook, Yahoo and Amazon, have said they will update their services with a patch for the bug. However, once updated, it's up to users to change passwords for the site.

To check if they've plugged the vulnerability to the Heartbleed bug, go to LastPass.com and enter the URL of the site you have a question about. Check out Mashable's list of sites that you should change your passwords for as soon as possible.

How To Protect Yourself While Using Public Wi-Fi Networks

Here's a summary of websites allegedly affected by the Heartbleed bug:

Social Networks: Facebook, Twitter, Instagram, Pinterest, Tumblr

Companies: Google, Yahoo

E-mail: Gmail, Yahoo Mail

Stores/Services: Amazon, GoDaddy, DropBox, OKCupid

"It's a big deal for Internet users, especially when it comes to protecting financial information," Joe Siegrist, CEO and cofounder of LastPass, told Mashable. "Some financial organizations are using more conservative web security choices like Microsoft, which is not vulnerable to the bug, so users should check and see if their bank has been affected."

© 2014 Design & Trend All rights reserved. Do not reproduce without permission.
Email Alerts

Featured Video : Verizon Duo Cam

Design&Trend TV

SPOTLIGHT

Latest Stories

Real Time Analytics