Heartbleed is a virtual bug that has found a way to beat many online security systems, and it’s something that could have tremendous impact on online users.
The bug is incredibly dangerous for users, as it can infiltrate website codes and find user names and passwords. It’s not your typical virtual virus, according to ReadWrite.
“The short version is that it's a vulnerability in the way your browser talks to a website over an encrypted channel,” ReadWrite reported. “An attacker could theoretically take advantage of the bug to unravel the secure channels used by banks, e-commerce sites and other sensitive locations to steal passwords and other sensitive information.”
The Washington Post also offered a list of things users should know about the Heartbleed security malfunction, offering frequently asked questions to help users understand the bug.
“It’s as if your front door has a defective lock,” wrote Gail Sullivan for The Post. “Someone could get in as long as it’s not fixed. But that does not mean they’ve already gained entry.”
Unfortunately, users can’t do much about it.
“The problem is mostly on servers,” Sullivan said. “A fix is available and being implemented by Web companies. Most experts are advising consumers not to rush out and change their passwords until the fix is complete.
There’s an online search that allows users to check websites to see if their login details can be stolen. The Atlantic reported on the search device, giving a step-by-step guide on how it can be used. Writer James Fallows wrote for The Atlantic that if a site is marked as safe, it would make sense to change your password for that website.
“Reasoning: If you change it now, it's possible that a still-active hacker will capture info today,” Fallows wrote. “But if you don't change it now, anything exploited in the past two years is still vulnerable.”1 comment on this story
And The Los Angeles Times said that this bug puts Web security at a severe risk. There’s so much uncertainty with the Heartbleed situation, leading to a lot of questions that might not have answers.
"The scope of this is immense," said Kevin Bocek, who works for Venafi, a Salt Lake City cybersecurity company, to The Los Angeles Times. "And the consequences are still scary. I've talked about this like a 'Mad Max' moment. It's a bit of anarchy right now. Because we don't know right now who has the keys and certificates on the Internet right now."