A NEW SECURITY bug has sparked online panic, with experts saying that users of a large number of sites should change their passwords – but not right away.
Heartbleed is a security flaw in OpenSSL technology, an implementation of a protocol that is used to protect data across the web.
Around two-thirds of the web uses OpenSSL and the Heartbleed bug has been present for around two years.
The bug can, in theory, allow anyone access the information of people who used affected sites and there is not much that can be done by users just yet. It is up to individual websites to upgrade to a version of OpenSSL that is unaffected.
It’s unclear whether any information has been stolen as a result of Heartbleed, but security experts are particularly worried about the bug because it went undetected for more than two years.
Google sites such as GMail and YouTube are clear, the company says, but a large amount of other websites are still affected.
Yahoo, which has more than 800 million users around the world, said Tuesday that most of its popular services — including sports, finance and Tumblr — had been fixed, but work was still being done on other products that it didn’t identify.
A GitHub list compiled by a user outlines around 10,000 sites and whether they are or are not affected.
It is recommended that users of sites that have passwords search the list for their bank, email and important account providers. Ultimately, you’ll need to change your passwords, but that won’t do any good until the sites you use adopt the fix. It’s also up to the internet services affected by the bug to let users know of the potential risks and encourage them to change their passwords.
To embed this post, copy the code below on your site
have your say