Heartbleed is a flaw in OpenSSL. Occasionally, one computer may want to check on another computer to ensure that there is a secure connection on the other. In order to do so, it will send out a small packet of data that will ask for a response – like a heartbeat.
However, researchers discovered that it was possible to send a well-disguised packet of data that looked like one of these heartbeats to trick the computer at the other end into sending data stored in its memory. To make matters worse, it has recently been realized that the code in SSL has been opened for the past two years and doesn’t leave much of a trace.
This raises several important questions, not only for testers and developers, but also for the average web user. Let’s take a look at a few in particular:
1. Are You Affected?
Probably. Since hundreds of thousands of sites were affected, chances are that you have used at least of them on a fairly regular basis. While there is no way to tell with 100% certainty, many experts are urging people to take the necessary precautions, which leads us to our next key question…
2. How Can You Protect Yourself?
According to Business Insider, the best way to tackle this problem is to assume that the worst has already happened. Most major service providers are already updating their sites and taking proactive security measures, but you should also go through and change your passwords as well and assume that your accounts have already been compromised (as awful as that sounds).