Firstly, if you haven’t heard about it (which would be quite an achievement), Heartbleed is the catchy but alarming-sounding name given to an error in the code of a bit of widely-used software called OpenSSL, which encrypts data on ‘secure’ websites. OpenSSL is used on maybe around two-thirds of secure sites on the web (so that’s two-thirds of sites that start with https:// and have the little padlock symbol displayed). The error allows an attacker to trick a website’s server into giving them a small random chunk of data from the server’s memory, which could be anything – something harmless, some sensitive data, a password, or an encryption key.
Some reports imply that hackers are just taking specific data at will, but they have to go through multiple attacks, getting little chunks of random data at a time and hoping they turn up something useful. It’s still not good, but it’s not the same. And the chances that you have been compromised are probably very slim (more…)
Filed under: All, Industry news, News, Technical stuff | No comments yet