Change Your Passwords Immediately!
Heartbleed is a ridiculously scary vulnerability in the OpenSSL crypto library used by servers all over the world. The bug allows an attacker to steal highly sensitive data as if there were no SSL/TLS security at all. All varieties of applications are vulnerable in this instance, including web, instant messenger, mobile, email and VPNs.
When you visit a website and the URL in your browser starts with HTTPS, SSL is being used to secure your connection. Not all sites using SSL are vulnerable, just those using the extremely popular OpenSSL library, versions 1.0.1 through 1.0.1f.
The scariest part about all this is that it affects nearly every major server to some degree. Even Windows servers running IIS have load balancing servers, mail servers and all sorts of other support servers that likely use OpenSSL.
Bottom line is that everyone should be changing their passwords today, and not just for vulnerable sites.
The truly scary part is if the server in question was infiltrated before it was upgraded to the latest secure version of OpenSSL. To be certain your customer data is secure, you need to upgrade and then reissue your SSL certificate. This is very costly and is a step that many webmasters, especially those of smaller websites, will likely skip.
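For webmasters working through the upgrade-then-reissue sequence above, here is a small triage sketch. It is an added example, not code from any vendor or from OpenSSL; the host names, dates and the `triage` and `report` helpers are hypothetical, and the affected range is the one this article gives (1.0.1 through 1.0.1f).

```python
import re
from datetime import date

# Affected range as stated in this article: OpenSSL 1.0.1 through 1.0.1f.
BANNER = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def is_affected(banner):
    """True if an `openssl version` banner is in the 1.0.1 .. 1.0.1f range."""
    m = BANNER.search(banner)
    if m is None:
        raise ValueError(f"not an OpenSSL version banner: {banner!r}")
    release = (int(m[1]), int(m[2]), int(m[3]))
    # A bare "1.0.1" has an empty letter, which sorts before "a".
    return release == (1, 0, 1) and m[4] <= "f"


def triage(banner, upgraded_on, cert_issued_on):
    """Return the remediation step still outstanding for one host.

    upgraded_on: date the host left the affected range, or None if it never
    ran an affected build. cert_issued_on: notBefore date of the live cert.
    """
    if is_affected(banner):
        return "upgrade OpenSSL, then reissue certificate"
    if upgraded_on is not None and cert_issued_on < upgraded_on:
        # The certificate predates the upgrade, so its private key sat in
        # memory on an affected build. Assumption: the reissue uses a new key.
        return "reissue certificate"
    return "no action"


# Constructed inventory (hypothetical hosts and dates).
INVENTORY = [
    ("lb1", "OpenSSL 1.0.1e 11 Feb 2013", None, date(2013, 6, 1)),
    ("mail1", "OpenSSL 1.0.1g 7 Apr 2014", date(2014, 4, 8), date(2013, 9, 15)),
    ("web1", "OpenSSL 1.0.1g 7 Apr 2014", date(2014, 4, 8), date(2014, 4, 9)),
    ("old1", "OpenSSL 0.9.8y 5 Feb 2013", None, date(2012, 1, 10)),
]


def report(inventory=INVENTORY):
    return {host: triage(b, up, cert) for host, b, up, cert in inventory}


if __name__ == "__main__":
    for host, step in report().items():
        print(f"{host}: {step}")
```

Distribution packages often backport the fix without changing the version letter, so confirm a match against the package changelog before acting on it.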
You can view a fuller list of sites, and whether or not they have been patched, at CNET.
Even worse, this hack is not hard to deploy! A popular security auditing tool called Metasploit has the Heartbleed exploit already available for download and use, for good and bad intentions. What does this mean? It means that the 15-year-old kid down the street who thinks he is a hacker can steal your sensitive information.
Watch the video below to learn more about how Heartbleed works.
Short List Of Popular Websites Vulnerable as of 4/9/2014