“The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library.” Not only is this one of the most talked-about bugs in the history of the internet, it was also quoted as being “an 11/10 on a severity scale” by Bruce Schneier. This bug has been out since 2011, which makes it so much worse.
SSL and its younger brother TLS are both encryption tools used to encrypt web traffic. About 66 percent of the internet currently uses an open-source version of this tool known as OpenSSL. OpenSSL works with key pairs between you and the server to encrypt data so that none of your information is viewable in plain text. Every so often the server sends out a heartbeat, which asks the user if it’s still there. Here’s where the bug lies:
When this heartbeat takes place, data is being exchanged. The vulnerability is that a heartbeat can be used to request 64 KB of the other side’s memory, which typically holds a password, account names, account numbers or your private key.
If a third party gets your private key, SSL is useless. All of your web traffic is now viewable in plain text by the person who holds your key. If they get your password or credit card information, well, that’d be pretty bad, too.
But there are measures being taken. Programmers have already patched this vulnerability in OpenSSL, but system administrators have to apply the patch, which isn’t that easy. There are also sites that will tell you if you’re still vulnerable.