There was a lot of panic on the internet yesterday – it was announced that the once safe “https” sites weren’t as safe as we once thought. Some websites running SSL encryption, such as Airbnb or Pinterest, were exposed to a major security bug called Heartbleed on Monday.
The bug was reportedly discovered by a member of Google’s security team and a software security firm called Codenomicon.
A list on GitHub lists which website are vulnerable and which are not – however to be safe it’s best to change all of your passwords.
The bug affects web servers running Apache and Nginx software, and it has the potential to expose private information users enter into websites, applications, web email and even instant messages.
One of the messages on the Heartbleed homepage, states:
[The Heartbleed bug] compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content… As long as the vulnerable version of OpenSSL is in use it can be abused.
It is advised to keep an eye on all of your banking activity. Wait for an official announcement from any secure website or service that you use. After it has been announced a security update has been installed, change your passwords.