Hey guys, as I'm sure some of you have already heard, news recently broke about the Heartbleed bug. This bug is not a hoax and poses a serious threat to private user information across the web.
Why is it a threat?
The hearbleed bug is a vulnerability in the Open SSL software which 66% of all websites use to secure their sites. You know that little lock that appears by the address bar at the top of your browser when you are logging in, or conducting transactions in a game or through steam, or just moving money around in paypal? That is Open SSL and it is supposed to protect our information and keep it secure. 2 years ago an SSL update occurred, and unbeknownst to everyone the update contained a serious bug.
This bug allows anyone on the internet to read the memories of the systems supposedly protected by SSL. This can be done by attacking the system and it compromises the security of the keys that these sites use to encrypt traffic, usernames and passwords as well as the actual account itself.
Can it be detected?
The scariest part of this bug is that these attacks cannot be detected. The attacks take 64 kb at a time, which may seem like a small amount of information, but the attacker can set it to continuously attack the system to farm information and build lists and compilations of user data.
Is it being fixed?
A patch has already been created and is in the process of being deployed, however the extent of attacks and how much information has already been stolen in attacks cannot be known, but most analysts are assuming the worst. The service providers must implement the fixes themselves, which may take some time.
What can I do to protect myself?
The best thing you can do is to go to your important accounts, your emails, banking accounts, paypals, facebook, school accounts, etc. and change your passwords, keep an eye on your accounts across the board and if you see suspicious activity protect yourself by changing the accounts password immediately and just be careful. Until it's fixed across the board there is no telling when or where information is being stolen so it's best to protect yourself now, take a day off and just change all your passwords to be safe. That includes your password here.
Sites that have been patched
For those of you wondering which sites have been effected, which sites were not affected at all, and which sites have implemented a patch here is a master list. http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/