Turmoil broke out earlier this week with the discovery of the so-called Heartbleed bug, an OpenSSL vulnerability affecting massive portions of the web. 

Discovered by Google’s Neel Mehta and security firm Codenomicon, the bug allows potential attackers to gain access to user passwords, and gives cyber criminals the tools to set up fake versions of trusted websites.

Described as one of the most serious threats to internet security, news of the bug sent webmasters and netizens alike scrambling to implement fixes and update passwords.

OpenSS-what?    

The Heartbleed bug affects open-source software, OpenSSL. This software is used to encrypt web communications, allowing data to be securely transmitted between website and user.

The vulnerability means usernames and passwords, credit card numbers, website security certificates, as well as actual website content has been potentially jeopardised.

CNET reported that major sites that were affected included Yahoo!, Imgur, and OKCupid, though these sites maintain that the problem has been rectified.

To help concerned users identify which sites were affected by Heartbleed, a vulnerability checker was created by developer Filippo Valsorda. The tool shows that sites like Google, Facebook, and Twitter are safe, but many smaller sites may not have had time to apply fixes yet. 

According to the OpenSSL project, version 1.0.1 as well as the 1.0.2 beta release is affected by the bug. In an advisory notice the organisation urged affected users to  immediately upgrade to OpenSSL 1.0.1g.

Various security companies have called on users to change all of their online passwords, starting with the most critical bank and online shopping accounts.

While most major websites maintain that the problem has been fixed, it is still recommended to change passwords. The bug has been around for some time, and any data stolen before its discovery is obviously no longer secure.

The threat extends to those who make use of password managers such as LastPass and Dashlane. The former was apparently affected by Heartbleed, but the company stated that no customer data was compromised. Dashlane also sent out notices assuring users that while the app itself (and its master password) was secure, it could not take responsibility for compromised passwords on other sites.

The Heartbleed bug demonstrates once again how the inter-connectedness of online life can have far-reaching consequences. It also serves as a reminder to keep that multitude of passwords updated and secure.