On the scale of 1 to 10, this is an 11
and rightly so. We use the Internet today to have private conversations with friends and family, conduct business, and perform online transactions, all of which are secured by encrypting traffic between a client (you) and the server using a set of protocols called Secure Sockets Layer (SSL). SSL ensures that the communication between user and server is encrypted by exchanging a set of public and private keys. It is the digital version of two people having two keys to unlock a locked case. Heartbleed, a bug discovered by a member of the Google security team and Codenomicon, strikes at the heart of the SSL protocol: it allows making a copy of the key that unlocks that case and getting access to whatever it is that you or the server have put in there.
Sounds horrible enough, right? Indeed it is. Any person or organization exploiting the Heartbleed bug on a server would’ve gotten access to major social media and banking applications and could exploit these services to get access to private information or commit financial fraud.
Fortunately, there’s a way of knowing whether any of your online services were affected, so I spent the better part of last night creating a script that would check a list of social media and banking websites for openness to the vulnerability. I’m putting up the list in this blog. If any web app you use is in the list of affected apps, you must change the password of those applications RIGHT AWAY. That is, of course, if you don’t want Neo to read your private conversations on Facebook or transfer all of your money into his account. I realize that after learning the seriousness of this bug, you are on the edge of your seat, waiting anxiously for the list. Well, here you go.