Here we go. Another online security alert, reports of widespread personal information vulnerability, dire warnings, alleged security breaches at the biggest websites around, and a general the-sky-is-falling panic by the media.
It’s all about something called the Heartbleed bug, a wide-reaching security vulnerability in the SSL (Secure Sockets Layer) computer code used to secure something like 20% – or one in five – of the websites on the Internet. The addresses of sites that use SSL start with https://, not the normal http://. Not all https:// sites are or were vulnerable. But all sites that were vulnerable do start with the https:// prefix.
According to CNET, an attacker can exploit Heartbleed to essentially “get copies of a server’s digital keys then use that to impersonate servers or to decrypt communications from the past or potentially the future, too.”
The problem is, the flaw has been exploitable for at least two years, and it was only discovered Monday. Nobody knows for sure whether hackers have been quietly stealing personal information for months. Some compromised Yahoo! accounts have had passwords lifted, according to reports.
What we do know is this security hole is potentially one of the most serious yet.
This is as if you went away on a six-month vacation and forgot to lock the back door to your house. If a burglar went snooping around and tried it, well, they could take anything because they’d have access.
That’s why so many normally staid security experts are sweating bullets. This security flaw is as big as they get. Tens of thousands of websites that used SSL to handle the user names, passwords, credit card numbers and more of millions of people have been at risk. Their back doors were open.