Okay so this is just a quick little blog to inform you all.
Yesterday, April 8th, security researchers found a security flaw in OpenSSL, a popular data encryption standard. Hackers who know about the flaw can take as much information as they want from servers we assume are secure. It could happen just about anywhere: Google, Facebook, Yahoo, anywhere that was said or thought to be secure.
Computers send out things called "heartbeats" to make sure that the computer is connected to another computer with a secure connection. A heartbeat is a packet of data that asks for a response. In Heartbleed, a packet very similar to a normal heartbeat is disguised to trick the computer. When it is sent, the computer answers with data stored in its own memory.
It sends out your passwords, usernames, anything you have uploaded on the server, and even credit card numbers could be pulled out of the data.
Some of your accounts may already be compromised, so, if you're paranoid, change every password you have, on every website. Just in case.
If any of you go on Armor Games, you don't need to change your password. I tested it. It gave me a C, but it said it wasn't vulnerable to the Heartbleed bug.
Most websites have already fixed the issue. You can check the websites you use with an SSL test to see whether they are okay to use or have bad ratings.
Just google "SSL test" or "Heartbleed test" and use whatever comes up first or whichever works best.
A more technical view for nerds: The "Heartbleed" bug is exploited by naughty people sending malformed TLS heartbeat packets, and when OpenSSL responds, it also accidentally leaks 64 bytes of memory (RAM) into the response. Naughty people can keep sending these malformed packets to keep getting more of the memory, 64 bytes at a time. The memory can contain information including users' passwords among other things, like the server's SSL private key, which it uses to encrypt the SSL traffic.
On a note for people making websites:
If you have a website that uses HTTPS (SSL), test it for Heartbleed. Search Google for 'Heartbleed Test'.
If you get a result saying your website is vulnerable, update OpenSSL now. You need to update to the latest version. If you have OpenSSL <=1.0.0, or you run a Windows server using Microsoft IIS, you should be fine. If not, UPDATE. If you host your website on a dedicated server or VPS, update OpenSSL using your system's package manager (e.g. yum, aptitude, pacman) or, in the case of a Windows server, the OpenSSL website. If you're running a Mac OS X server, there should be a patch available through Apple Software Update.
If you host your website on shared hosting and the Heartbleed test shows your site is vulnerable, contact your web host about this issue now.
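For readers who want to see what the fix looks like, here is an added example (not code from this post or from OpenSSL) of the check that the malformed heartbeats in the technical view above slip past when it is missing. Per RFC 6520 a heartbeat message carries a sender-declared payload length, and the responder must drop any message whose declared length does not fit in the bytes that actually arrived. The function name `hb_respond`, the two sample messages and the zero padding are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request (RFC 6520) */
#define HB_RESPONSE 2   /* heartbeat_response */
#define HB_HEADER   3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD  16  /* minimum padding the RFC requires */

/* Builds the echo for one received heartbeat message msg[0..msg_len).
 * Returns the response length, or 0 when the message must be dropped. */
size_t hb_respond(const uint8_t *msg, size_t msg_len, uint8_t *out, size_t out_cap)
{
    if (msg_len < HB_HEADER + HB_MIN_PAD || msg[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)msg[1] << 8) | msg[2];   /* sender-controlled */
    /* The bounds check: the claimed payload must fit in what actually arrived.
     * Without it, the memcpy below reads past msg into adjacent memory. */
    if (HB_HEADER + claimed + HB_MIN_PAD > msg_len)
        return 0;
    size_t resp_len = HB_HEADER + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    memcpy(out + 1, msg + 1, 2 + claimed);             /* length field + payload */
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD);  /* zero padding: simplification */
    return resp_len;
}

/* Constructed sample: 4-byte payload "ping", declared length 4, 16 padding bytes. */
size_t demo_honest(void)
{
    uint8_t msg[23] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
    uint8_t out[64];
    return hb_respond(msg, sizeof msg, out, sizeof out);
}

/* Constructed sample: same 23 bytes received, but the length field claims 64. */
size_t demo_overclaim(void)
{
    uint8_t msg[23] = { HB_REQUEST, 0x00, 0x40, 'p', 'i', 'n', 'g' };
    uint8_t out[128];
    return hb_respond(msg, sizeof msg, out, sizeof out);
}

/* Exit status 0 means the honest message was echoed and the other one dropped. */
int main(void) { return !(demo_honest() == 23 && demo_overclaim() == 0); }
```

The honest message gets a 23-byte echo; the one that overstates its length gets no reply at all, which is the behaviour a patched server shows.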