A place for all things security.

Rough Going for Websites as Full Impact of Heartbleed Becomes Known

Apr 10, 2014 // Andrew Stroup

The impacts of the OpenSSL encryption flaw Heartbleed are becoming more widely understood in what has been called one of the largest security threats the internet has ever seen. The flaw, which has impacted companies such as Google, Facebook, and Yahoo, could let hackers gain access to users’ passwords and fool people into using bogus versions of web sites.

While the vast majority of these websites have patched this security flaws, it remains unknown how much, if any, user account data has been compromised. Because the glitch enables people with even moderate programming skills to engineer a way to passively monitor communications between users and website servers, the full implications of how this vulnerability was exploited may not be known for several weeks, if not months.

CNet has been keeping an updated list of major websites that have and have not been impacted by this flaw, and whether or not they have updated their security. If you have an online web service, you can go here to see if your website is vulnerable to the attack. Even if the flaw has been fixed, you should change your password if you have an account on any impacted website.