Widespread Encryption Bug, Heartbleed, Can Capture Your Passwords

Some websites running SSL encryption, such as Airbnb, Pinterest, USMagazine.com, NASA, and Creative Commons, among others, were exposed to a major security bug called Heartbleed on Monday.

The bug was reportedly discovered by a member of Google’s security team and a software security firm called Codenomicon.

A number of other websites may, according to a list being distributed on GitHub, be vulnerable to the bug as well.

The bug affects web servers running Apache and Nginx software, and it has the potential to expose private information users enter into websites, applications, web email and even instant messages.

And while most security experts advise that you always use websites and services offering SSL security encryption whenever possible, the Heartbleed bug has the ability to allow malicious operators to defeat this security layer and capture passwords as well as forge authentication cookies and obtain other private information.

security patch for the bug was announced on Monday, but many websites are still playing catch up. That’s why websites like the Tor Project are, only somewhat tongue-in-cheek, advising that you stay off the Internet this week if you really care about your security.

Widespread Encryption Bug, Heartbleed, Can Capture Your Passwords.

Author: Blender Fox

Recreational road-runner, blender/CG rookie, linux user (LE-1, LPIC-1, SUSE CLA 11, SUSE 11 Tech Spec), programmer, avid tinkerer (I'm always breaking things), self-confessed anime & manga otaku & japanophile