Wednesday, April 9, 2014

Heartbleed bug (Very Important!)

As many of you may know, the Heartbleed bug has been disclosed and is one of the most severe security risks to come along in quite some time. It affects OpenSSL (Open Secure Sockets Layer), the encryption used to protect the identity of sites and encrypt traffic, namely usernames and passwords, and it's the security used on about 75 percent of all websites.

What it does is relatively simple in the end; it extracts bits of memory a little at a time and sees if there is anything of value in the chunk it extracts. It may be nothing, but it may be account information, a social security number, a username, a password, or other important information.

It has affected hundreds of thousands of sites, all of which use OpenSSL. Most of them have now been patched, but it is very important that you not use these sites until you can be sure yours has been patched as well. You can contact the site if you have their contact information, or you can use The Heartbleed Test or The LastPass Heartbleed Test to check whether the server has been patched. If it has, change your password. If it hasn't, don't change your password until it has, or your *new* password could be taken.

Many popular sites, including Google, Facebook, Tumblr, Imgur, and Yahoo were affected, and many of them should have indicated via email whether they've been fixed up.

This vulnerability and bug has apparently been around for a couple of years, and at least now it is hopefully being taken care of.
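The "extracts bits of memory" behaviour described above comes from a heartbeat reply that echoes as many bytes as the request claims to contain rather than as many as actually arrived. The following is an added illustration, not OpenSSL's code and not part of the original post; the function names, the memory layout and the secret string are all constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_HDR 3   /* type (1 byte) + claimed payload length (2 bytes) */
#define HB_PAD 16  /* minimum padding required after the payload */

/* Flawed shape: echoes as many bytes as the sender CLAIMS it sent. */
static size_t echo_unchecked(const uint8_t *rec, size_t rec_len,
                             uint8_t *out, size_t out_cap) {
    size_t claimed;
    if (rec_len < HB_HDR) return 0;
    claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > out_cap) return 0;      /* output guard only */
    memcpy(out, rec + HB_HDR, claimed);   /* can run past rec_len */
    return claimed;
}

/* Fixed shape: drop any request whose claim exceeds what arrived. */
static size_t echo_checked(const uint8_t *rec, size_t rec_len,
                           uint8_t *out, size_t out_cap) {
    size_t claimed;
    if (rec_len < HB_HDR + HB_PAD) return 0;
    claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HDR + claimed + HB_PAD > rec_len) return 0;  /* silently discard */
    if (claimed > out_cap) return 0;
    memcpy(out, rec + HB_HDR, claimed);
    return claimed;
}

/* Constructed memory: a 22-byte request followed by unrelated data.
   Returns 1 if the reply to a request claiming `claimed` payload bytes
   contains that unrelated data, 0 otherwise. */
int reply_leaks(int use_check, uint16_t claimed) {
    static const char secret[] = "constructed-secret";
    uint8_t arena[128] = {0}, out[64];
    size_t rec_len = HB_HDR + 3 + HB_PAD, slen = sizeof secret - 1, n, i;
    arena[0] = 1;                                  /* heartbeat request */
    arena[1] = (uint8_t)(claimed >> 8);
    arena[2] = (uint8_t)(claimed & 0xff);
    memcpy(arena + HB_HDR, "hat", 3);              /* real payload: 3 bytes */
    memcpy(arena + rec_len, secret, slen);         /* neighbouring data */
    n = use_check ? echo_checked(arena, rec_len, out, sizeof out)
                  : echo_unchecked(arena, rec_len, out, sizeof out);
    for (i = 0; i + slen <= n; i++)
        if (memcmp(out + i, secret, slen) == 0) return 1;
    return 0;
}
```

An honest request (claiming 3 bytes) gets the same reply from both versions; only the request that overstates its length separates them, which is why a patched server is the precondition for a password change being worthwhile.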

22 comments:

  1. I went through and tested all of the sites that I frequent such as USAA.com and NavyFederal.org. These sites all passed the Heartbleed Test but came up as a possible security risk on the LastPass Heartbleed Test. I wouldn't trust the test and would recommend contacting the site administrators. The two sites mentioned above have been fixed.

  2. At work today they sent a mass e-mail urging all employees to change all their personal passwords to every account they have, but I don't know why they would do this if maybe the site hasn't been patched yet. I have many friends that don't know much about computers who are very concerned and once again saying how they don't trust technology and are closing down accounts. Of course this is very extreme (what they are doing) but it just goes to show you the effects of this virus; it really gets to the point that it freaks some people out as much as Y2K did.

  3. I appreciate the links which you have provided so that I could test the sites I use most frequently. The response that I received when I tested Hotmail.com was that something went wrong, "broken pipe", which apparently can be counter-measures, firewalls and IPS closing the connection or sink-holing it when they detect a heartbeat. I will continue to test various sites as I use them.

  4. Thank you so much for posting this. I checked all of my regular sites and everything was either fixed or unaffected. Thanks again!!

  6. This is scary, that's a significant amount of websites! The ones I most often use came back fixed or unaffected. I will definitely be monitoring my bank and credit card accounts very closely for the next few months.

  7. Stephanie Theobald, April 10, 2014 at 9:17 AM

    I found this interesting because a lot of people I know use the same password for everything. I did go ahead and test the sites that I use the most and thankfully they have been fixed. I did not know that Google was one that was affected and I just went on there and changed my password. Thanks for posting the link to test the websites! It is amazing to me how many big-name websites have been affected by this.

    Stephanie Theobald

  8. I just checked all the websites that I ever use and they all came out fine. I'm changing my password just in case. I'd rather be safe than sorry.

  9. Thanks for making us aware of this. I do everything online from banking, investing, communicating, and buying. Although, I use different passwords for my banking, than I do for all my other sites I am affiliated with, it is better to be safe than sorry.

    Replies
    1. I agree, I also do everything online. I need to check my sites, as well as start changing my passwords. I am very hesitant about continuing doing anything online at this point.

      Mya Taylor

  10. Great! All are good except live.com. I changed the password even though they said wait until there is a fix.

  11. Wow!!! This is cool. These days it is so hard to trust your information with any site just because there are so many people out there waiting for companies to make a security mistake or trying to provoke one. Thankfully all the websites I use were completely safe.

  12. This is concerning and something everyone should be aware of. I do tend to use a lot of the same passwords for each site that I use. I should now go and make sure I change a few of them up.
    -Kristen Lalli

  13. Oh wow, this is so concerning. The internet shouldn't be trusted in the first place, therefore, I'm really careful about where I share my personal information, especially my social security. Glad that the sites affected are getting fixed though.

  14. This is a serious matter, and I am glad you posted this. There is a big trust issue when it comes to using the internet, period; there are so many things a user has to worry about when doing basic transactions online. It is crazy because I read this post yesterday and not too long after, my job's entire system went down (it just came back up this morning). I also know several people that work for big credit card companies, and their systems were also down yesterday. I will be checking the websites I regularly use at home to ensure they have been fixed and I will be changing my passwords. I would hate for someone to have my personal information and commit an act of fraud.

  15. I didn’t get a chance to read this post and article on Wednesday when the outbreak was announced. However, I received several notifications via my organization’s e-mail to change my passwords due to the Heartbleed bug. At the time, I had no idea what they were talking about. Now that I read what this is about, I went into all my systems and changed my passwords. I’ve been using those tests to ensure the websites I am using are safe. I’m trying to be extra cautious because I also had my debit card compromised recently, so I need to be more careful about the websites I am providing my debit card to. Thanks for providing this information. I think when things like this occur, it’s hard for the public to understand what’s really going on, but when you break it out in terms we can understand it educates us and allows us to take proper actions.

  16. Thank you so much for posting this information! Everyone assumes that their information is safe using supposedly "secure" sites online. Regardless, I feel there is always going to be a threat of hackers and identity-thieves. I will definitely take advantage of the Heartbleed Test, it is better to be safe than sorry. I thank you for educating the class about this serious issue and posting it on the blog.

  17. This is something that is very scary to think about and to actually know that it could have happened to you and you didn't even realize it. It is nice to know, however, that there is a test that you can run on sites that you use to make sure that no information is being taken from the sites. I will definitely use the test on sites that have more credit card information on them and other sites as well. Thank you for posting this blog for us so we can protect ourselves.

    Shane Booth

  18. Wow, I have actually not heard of this bug. Thank you for posting about it; it is crazy how this has been happening without me knowing anything about this bug. Good thing that there is a test that will help you detect if the website is patched or not. I fear that once all the websites are patched, the creators of this bug will just make a better, more sophisticated bug that'll take more than just your password. The people creating bugs and viruses are always one step ahead of the security systems.

  20. I just received an e-mail from Pinterest about this issue! But none from other sites such as FaceBook. I wish more companies would go the extra mile to reassure their consumers about these issues like Pinterest did for my account. I appreciate you posting this blog; it was extremely beneficial.

  21. Thanks for the update on this bug. I haven't heard of it. It sounds a bit scary to know that this type of bug can interject into our information. It's good to know there is a solution to check servers for vulnerability holes. I definitely do not want my information to get into the wrong hands. I like reading these blogs because they become a great forum of IT awareness and I sometimes pass them to my IT co-workers.
