Heartbleed Bug

There is a serious bug in the popular OpenSSL software. Wait, what does this mean and what can I do?

What is this?

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
Find out more on heartbleed.com

What does this mean?

SSL or TLS is a cryptographic protocol, which should provide a secure communication over the internet. OpenSSL is one software you can use to achieve that. In fact over 60% of all active HTTPS servers use OpenSSL. Anything can use SSL/TLS: A website, e-mail provider, instant messenger or even a vpn-network.

With the Heartbleed bug this communication safety is destroyed and could possible be hijacked. They could pretend to be you or read any information you enter into forms.

What can I do?

This question really depends who you are. If you're a consumer, you should check all the sites (that use TLS/SSL) you are registered on and find out if the developers fixed the bug on their servers. If they fixed it, go and change your password, just to be safe. You can use different tools for finding sites, that are still affected by Heartbleed or go through this list of infected sites. Mashable also has a list of sites you should change your passwords on right now.

If you have some servers of your own, that use SSL/TLS (OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable) - go and update to the latest version for your operating system.

Also regenerate your SSL certificate, because if you've been compromised, someone probably has your keys, and will be able to decrypt your traffic. You also should regenerating your session cookie and force your users to authenticate again.

More Information

The bug was first mentioned on the openssl.org vulnerabilities news site, but it quickly spread to other popular sites like cloudflare.com and twitter, where I read about it.

Oh and there is a xkcd comic on how the hearthbleed bug works.

You can find out more on heartbleed.com.