How Does the “Heartbleed” OpenSSL Bug Affect Me?

“Heartbleed” is a newly discovered security bug that affects OpenSSL encryption software across the web. This bug is estimated to have affected about 2/3 of sites on the web that encrypt data.


What is SSL encryption?

When you sign in to a secure site, you’ll notice a ‘lock’ icon in your address bar, or https: (vs. http:) at the start of the address. That means that the site you’re signing in to uses SSL to secure the transmission of private information like passwords, credit card and account numbers, etc. The software the website uses to run SSL may be OpenSSL, one of the most widely used SSL software programs today.


What does the Heartbleed bug do?

The Heartbleed bug allows an attacker to extract 64k of data from a server’s working memory at a time. The attacker doesn’t know what that 64k will include, but since these attacks are generally run by computer programs that can repeat the process over and over quickly, there’s great potential for a lot of sensitive data to be compromised.


What can I do to protect myself from the Heartbleed bug?

Change your passwords. Creating strong passwords is a good habit to build – read more about how to create strong passwords you can remember. It has been reported that Apple, Google, Microsoft and major banking services have not been affected. It does appear that Yahoo has been targeted, so I advise changing any Yahoo passwords you have. To be diligent, any password you enter on any secure sites you visit should be changed over the next few days.

Because we’re not sure when websites are patching their software to fix this bug, it’s possible to change a password too early. I recommend changing the passwords to your most important secure sites ASAP, and again in about a week, in case the first change happened before the website updated its OpenSSL software to patch the bug.


What about my WordPress password?

This is the kind of bug that will not directly affect your WordPress install, but it can potentially trickle down if the server has been compromised. If you’re hosting with TrekVisual, or we’re managing your website, your passwords will be changed over the course of the next week. This should not affect your normal day-to-day operation. We’ll contact you with updates as they happen.