The Heartbleed bug - a software vulnerability in the popular OpenSSL library - made a big splash on the Internet a couple of weeks ago. While dozens of security issues are discovered every day, Heartbleed was different in that it affected a core library used by almost all of the big web providers, including Google and Facebook.
The really bad news for users of these web services was that because of Heartbleed, their usernames and passwords had been exposed to attackers for nearly half a year. Even though the issue was fixed instantly, there was no way to tell if (and by whom) the issue had been exploited, and what accounts had been compromised.
The current status
As a follow-up, the following measures are recommended:
- Users who haven’t changed their passwords / PIN codes yet should do so immediately, especially for critical web services such as online banking.
- Web server admins should make sure that their servers are properly patched. A free scanning tool is available at: http://www.yarubo.com/heartbleed
- Heartbleed also affects mobile devices. According to Google, devices running Android 4.1.1 are vulnerable to the attack. Users who own such a device should refrain from using it to access sensitive applications and install updates as soon as they become available.