1.21 Gigawatts of Awesome

How to Check for the OpenSSL Heartbleed bug

So what is this “heartbleed” bug? OpenSSL is an open-source encryption security service that a large percentage of websites utilize to secure your information like passwords, messages, and credit card transactions. Sometimes, a computer needs to check if it is still talking to another computer/server, so it sends out a small data packet called a heartbeat. The security flaw, known as a heartbleed, allowed a cleverly-disguised packet of data that appeared to be a heartbeat to communicate with the server, and tricked the server into sending back saved data. Additionally, taking advantage of the flaw does not leave a trace. Uh oh…what are the risks? All websites capture data, and websites that you frequent will capture data such as passwords, bank information, and more. The security flaw unfortunately allowed hackers to gain access to encryption keys, which, in turn, can be used to decipher the encrypted data that is sent from your computer to a website and back. OHGAWD NOW WHAT For the most part, the security flaw was patched and fixed on servers before they released that there was a bug in the system. You should still take precautions and check your accounts with the sites you normally use, especially those with passwords and credit card information.  You can easily double check to see if sites you frequent were affected by visiting: http://filippo.io/Heartbleed/ Quickly tells you if the site was vulnerable, fixed, or unaffected. If you get an error code, check out their FAQ, and then visit:   https://lastpass.com/heartbleed/ Tells you the last date their SSL was updated, if it is vulnerable, or if it does not use OpenSSL   Or CTRL+F to see if a site was vulnerable at the time: https://github.com/musalbas/heartbleed-masstest/blob/master/top10000.txt   For the most part, this under control, but you should check it out for yourself to put your mind at ease. Enhance your calm. Sources: heartbleed.com | GitHub | GitHub...

read more