Heartbleed is a catastrophic vulneralbility in OpenSSL that allows anyone on the Internet to steal the information protected with OpenSSL.
SSL or Secure Server Layer allows for the secure transfer of protected data over the Internet, under normal circumstances.
In his blog chief technology officer of Co3 Systems Bruce Schneier said: "The Heartbleed bug allows anyone to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the name and passwords of the users and the actual content”.
"This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users," he added.
OpenSSL is in use by about 66% of websites estimates the New York Times and that includes many popular sites such as Facebook, Yahoo and Google, including ours. The patch was applied as soon as it came out, before the news of the flaw went public, as it was in our case.
You can read more about Heartbleed on its own website on http://heartbleed.com/
What should I do?
You should first ascertain that your provider is not or no longer vulnerable and then change your passwords.
Mikko Hypponen of security firm F-Secure issued similar advice: "Take care of the passwords that are very important to you. Maybe change them now, maybe change them in a week. And if you are worried about your credit cards, check your credit card bills very closely."
You can check whether a specific site remains vulnerable to Heartbleed with a tool put together by developer Filippo Valsorda or, if you are using Chrome, add an extension that will work in the background and checks to see if the site you are currently visiting is affected by the Heartbleed bug.
We have patched the vulnerability.
We do recommend regular password changes, so this might be a good time to do so.