This past Monday, the world was introduced to Heartbleed, a bug in OpenSSL that allowed hackers to access sensitive user data.
OpenSSL is an encryption library installed on the servers behind as much as two thirds of the entire Internet, including sites like Yahoo! Mail and OKCupid. The Heartbleed bug allows a hacker to read through the memory of those servers and find information that should be protected.
This kind of pandemic web security exploit is unprecedented, to say the least.
“‘Catastrophic’ is the right word,” wrote web security blogger Bruce Schneier on his site. “On the scale of 1 to 10, this is an 11.”
While some have reported that you should run around changing your passwords, programmers and systems engineers say that won’t do you any good:
Dear press; Please stop telling people to blindly change all their passwords. It's the worst thing you can do on #heartbleed vulnerable apps
— Steve Pereira (@SteveElsewhere) April 9, 2014
The fact is, changing your password doesn’t magically undo this massive vulnerability in OpenSSL: a new password sent to a site that is still vulnerable can be read out of the server’s memory just like the old one. Before your information is safe from Heartbleed, the affected companies have to update OpenSSL with the latest patch, which was released Monday. If those companies haven’t updated their software, changing your password won’t do you any good.
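The patch-before-password-reset rule above can be turned into a simple inventory check for anyone running servers. The following Python is an added example, not code from the article or from the OpenSSL project: it parses the version token that `openssl version` prints, compares versions using the letter-suffix scheme of the OpenSSL 1.0.x series, and classifies each host against an affected range whose bounds (`first_affected`, `fixed`) are assumptions the caller fills in from the OpenSSL advisory. The host names, banners and the `FIRST_AFFECTED`/`FIXED` values in the sample are constructed for the example.

```python
import re
from typing import Dict, Tuple

# Matches the version token in `openssl version` output or a bare version string,
# e.g. "OpenSSL 1.0.1f 1 Jan 2014" -> (1, 0, 1, "f").
_VERSION_RE = re.compile(r"(?:OpenSSL\s+)?(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text: str) -> Tuple[int, int, int, str]:
    """Extract (major, minor, patch, letter) from an OpenSSL version string."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, patch, letter = m.groups()
    return int(major), int(minor), int(patch), letter


def compare_openssl_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b.

    Numeric fields compare numerically. The letter suffix used by the 1.0.x
    series is a patch level and orders alphabetically; no letter sorts before
    "a", so 1.0.1 < 1.0.1a < ... < 1.0.1g < 1.0.2.
    """
    ka, kb = parse_openssl_version(a), parse_openssl_version(b)
    return (ka > kb) - (ka < kb)


def classify(banner: str, first_affected: str, fixed: str) -> str:
    """Place one host's OpenSSL relative to the affected range [first_affected, fixed).

    Returns "predates bug" (older than the release that introduced the bug),
    "affected" (inside the range) or "patched" (at or past the fixed release).
    """
    if compare_openssl_versions(banner, first_affected) < 0:
        return "predates bug"
    if compare_openssl_versions(banner, fixed) < 0:
        return "affected"
    return "patched"


def password_reset_is_useful(banner: str, first_affected: str, fixed: str) -> bool:
    """A reset only helps on a host that is not currently leaking memory;
    a new password sent to an affected host can be read out like the old one."""
    return classify(banner, first_affected, fixed) != "affected"


def triage(inventory: Dict[str, str], first_affected: str, fixed: str) -> Dict[str, str]:
    """Map each host in an inventory {host: banner} to its classification."""
    return {
        host: classify(banner, first_affected, fixed)
        for host, banner in inventory.items()
    }


# Constructed sample inventory: host -> output of `openssl version` on that host.
SAMPLE_INVENTORY = {
    "mail.example.test": "OpenSSL 1.0.1f 1 Jan 2014",
    "shop.example.test": "OpenSSL 1.0.1g 1 Apr 2014",
    "legacy.example.test": "OpenSSL 0.9.8y 1 Feb 2013",
}

# Assumed range bounds for this example; take the real values from the OpenSSL advisory.
FIRST_AFFECTED = "1.0.1"
FIXED = "1.0.1g"

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY, FIRST_AFFECTED, FIXED).items():
        print(f"{host:<22} {status}")
```

One caveat when using a check like this: some Linux distributions backport security fixes without changing the upstream version number, so a banner that falls inside the range is a reason to look at the package's changelog, not proof on its own that the host is still vulnerable. The classification is only as good as the range bounds supplied to it.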
Until then, your best defense is just to keep the hell away from affected sites, which you can identify with this convenient web app.