Sites Affected By Heartbleed Bug You Should Change Your Passwords For
If you haven't already heard, a massive Internet security bug was recently discovered. The bug, named Heartbleed, is a flaw that affects one of the most commonly used encryption software programs in the world.
Basically every server or site that wants to send information in an encrypted fashion uses some cryptographic protocol, and there are a number of them, such as SSH and SSL.
OpenSSL is an open source implementation of SSL that works fine and is used on Linux machines as well as many Unix and Windows machines, since it's built in C, quick and free.
Unfortunately, there's a bug that allows a hacker to intercept encrypted information.
According to Heartbleed.com, the bug sits in a routine where the server and client send and echo back information to make sure they're both still there.
The method used to do it is fine; however, there's a field where the server asks the user to define the size of a particular packet of info - this is where the bug lies. You can lie to the server and give an invalid packet size, allowing you to leak into nearby information, which in many cases is precisely passwords and such.
It's a simple bug but it's pervasive in the sense that at least 60 percent of the secure internet probably uses OpenSSL.
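The missing size check described above, shown in C as an added example (not code from the original article or from OpenSSL). The record layout, function names and sample data are assumptions made for illustration; the "nearby information" is a made-up string placed right after the record.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified heartbeat record (layout assumed from RFC 6520):
 * type(1) | claimed payload length(2, big-endian) | payload | padding(>=16) */
enum { HB_REQUEST = 1, HB_HDR = 3, HB_PAD = 16 };

/* Flawed pattern: echoes `claimed` bytes without comparing the claim
 * to rec_len, the number of bytes that actually arrived. */
size_t hb_echo_unchecked(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap) {
    (void)rec_len;                               /* never consulted: the bug */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > out_cap) return 0;
    memcpy(out, rec + HB_HDR, claimed);          /* may run past the record */
    return claimed;
}

/* Hardened pattern: drop any record too short for its own length claim. */
size_t hb_echo_checked(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HDR + HB_PAD) return 0;     /* no room for header + padding */
    if (rec[0] != HB_REQUEST) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HDR + claimed + HB_PAD > rec_len) return 0;  /* length field lies */
    if (claimed > out_cap) return 0;
    memcpy(out, rec + HB_HDR, claimed);
    return claimed;
}

/* Constructed sample: a 20-byte record that claims a 40-byte payload, kept in
 * a buffer that also holds unrelated data standing in for server memory. */
static const uint8_t sample_mem[] =
    "\x01\x00\x28" "X" "0123456789abcdef"        /* header, 1-byte payload, padding */
    "user=alice&pass=hunter2";                   /* neighbouring data (made up) */
enum { SAMPLE_REC_LEN = 20 };

/* Returns how many bytes the chosen handler echoes for the sample record. */
size_t demo(int checked, uint8_t *out, size_t out_cap) {
    return checked
        ? hb_echo_checked(sample_mem, SAMPLE_REC_LEN, out, out_cap)
        : hb_echo_unchecked(sample_mem, SAMPLE_REC_LEN, out, out_cap);
}
```

With the check in place the lying record is dropped and nothing is echoed, while an honest record whose claimed size matches what was sent is still answered.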
Many major websites affected, including Google, Facebook, Yahoo and Amazon, have said they will update their services with a patch for the bug. However, once updated, it's up to users to change passwords for the site.
To check whether a site has patched the Heartbleed vulnerability, go to LastPass.com and enter the URL of the site you have a question about. Check out Mashable's list of sites that you should change your passwords for as soon as possible.
Here's a summary of websites allegedly affected by the Heartbleed bug:
Social Networks: Facebook, Twitter, Instagram, Pinterest, Tumblr
Companies: Google, Yahoo
E-mail: Gmail, Yahoo Mail
Stores/Services: Amazon, GoDaddy, Dropbox, OkCupid
"It's a big deal for Internet users, especially when it comes to protecting financial information," Joe Siegrist, CEO and cofounder of LastPass, told Mashable. "Some financial organizations are using more conservative web security choices like Microsoft, which is not vulnerable to the bug, so users should check and see if their bank has been affected."