Heartbleed is a serious security bug within OpenSSL. OpenSSL is a common system for encrypting information exchanged between you and web servers. It’s mostly used on ‘sensitive’ websites, such as email providers and online retailers. The page you’re viewing now is not encrypted using OpenSSL because it contains no sensitive information to protect.
How does this affect me?
The Heartbleed bug mainly affects web servers, rather than your personal PC, but anyone who uses encrypted websites is at risk. The exploit means a hacker can obtain information from the system memory of an unpatched web server, which if repeated often enough could allow them to obtain private encryption keys, credit card information – pretty much any sensitive information stored on that server.
Not all secure websites use OpenSSL, but a large proportion (approx. 66 per cent) do use it, which is why it’s considered such a huge issue. Respected security expert Bruce Schneier is on record as saying the flaw is “catastrophic”. The issue is not just how sensitive the accessible information is, but also that it’s almost impossible to detect. While most providers can say they have no evidence of a breach, there’s no real way for them to verify this as fact.
German computer programmer Robin Seggelmann has been outed as the man whose coding mistake, now known as Heartbleed, has left millions of internet users and thousands of websites vulnerable to hackers.
The discovery, by Google engineers, has prompted experts to call on people to change their passwords for most, if not all, websites they subscribe to, once site owners have fixed their vulnerabilities.