As a regular Internet user, you expect the background of the Internet to just work. Everything that goes on behind the scenes, all the encryption, all of the handshakes, and every little transaction should be able to provide you with a safe way to communicate and do your business online without having to worry about hackers prowling at your every move. Unfortunately that’s not how the Internet works, and the OpenSSL “Heartbleed” bug is definitive proof of this. There are some things you should know about this bug because, in all likelihood, it pertains to you more than you think.

What Is OpenSSL?!

OK, so I mentioned OpenSSL twice and didn’t even explain it to you. Do you see the little lock icon next to the “https://” on your browser when you enter “secure” sites? It looks something like this on Google’s Chrome web browser:

opensslbug-paypal

When you see that, you’re using a special form of encryption known as secure socket layer (SSL) or transport layer security (TLS). To provide services with this encryption, you need an algorithm that will provide the encryption/decryption for the packets you exchange with the server. This means that they need to have a way to translate your text into unreadable gibberish and then translate it back from that into the readable form on their own end. Using this technology, if a hacker somehow manages to interfere with your connection to the server, all he’ll read is a long string of babble.

Now, we get to the part (finally) where we explain what OpenSSL is: It’s a free and open-source implementation of SSL/TLS protocols. With this technology, anyone can provide encrypted services to you. Many companies you have accounts with may use OpenSSL to encrypt your data.

But what if OpenSSL has a bug that completely defeats the purpose of encryption?

The Bug Explained

opensslbug-heartbleed

On April 10, 2014, the folks at PerfectCloud, an identity security company, have reported on a massive hole in OpenSSL’s coding known as the “Heartbleed” bug. For two years, we haven’t seen a new version of OpenSSL, and during that time it had a problem in its code which exposed a bit of server memory. This memory chunk could contain the private keys that are used to encrypt/decrypt data. Ouch!

What this means is that a hacker could discover the server’s cryptographic keys and simply decrypt everything you send to it, including your username, your password, and everything else that’s important and dear to you.

The bug was fixed on April 7th, 2014, but that doesn’t mean that everyone’s followed through with an update to their implementations of OpenSSL. Major Internet companies like Amazon and Yahoo have taken care of the issue, but that still doesn’t mean you’re in the clear! A hacker could have your username and password on a list right now ready to be used to try to access any other accounts you may have elsewhere.

What Should You Do?

So, even if a company upgrades to the latest OpenSSL implementation, you’re still at risk for previous exposures. However, if there are any further hacking attempts, they won’t succeed. What you can do in this situation is change your password everywhere. Don’t let it wait. Just change everything so that you’re prepared if a hacker ever decides to try out your accounts.

Any More Thoughts?

This bug simply shows how delicate and interwoven the Internet is. Despite its booming security awareness and unregulated awesomeness, the Internet is still the internet, and it will always be under siege. What recommendations do you have for companies that use OpenSSL? How did your understanding of security ecosystems change? Are you confused about something? Post your thoughts on anything related to OpenSSL in the comments area below!

What is Bitcoin And How You Can Utilize It Online

Do you know that the Internet actually has its own currency. Since 2009, we can pay and get paid using Internet’s own currency – Bitcoin.

Converting Files In Google Drive With DriveConverter

If you’re looking for a built-in tool to convert files in Google Drive, then try DriveConverter, a web app and Chrome extension specially built for Google Drive. It offers more flexible conversion features for documents, images and music files.

The Complete Guide to Avoid Scams on Craigslist

Craigslist is a popular place for people to buy and sell stuff. It is also a good hangout for fraudster to scam the user. This guide will teach you how to avoid scams on Craigslist.

Edit Google Drive Videos Inside Chrome With WeVideo

What if you left your laptop at home and there is an urgent need to edit a video that you saved in Google Drive? Thankfully you can make use of WeVideo to edit the video directly in Google Drive.

5 Dictionary Tools for Google Chrome

Do you remember back when you had to know how words were spelled? Here is a selection of dictionary tools for Google Chrome.

How to Enable Two-Step Verification for Evernote

Add an extra layer of protection to your Evernote account by enabling two-step verification. A code will be sent to your mobile phone whenever you log in.

What You Need to Know About Future Web Standards (That are Making the Internet Better)

The Internet started 40 years ago and many things have changed since then. Let’s take a look at the future web standards and how they improve the Internet.

Why Am I Not Getting My Full Internet Speed on Fiber?

Despite the fact that fiber is amazingly fast, it’s not necessarily delivering the Internet speed it promises. Check out the reasons why is this so.

How to Stop Firefox from Sending Downloaded File Information to Google

Firefox version 31 comes with a feature that checks your downloaded file with Google for malware. You can disable it if you are concerned about your privacy.

How to Save Links Into a Google Spreadsheet in Chrome

When you need to do research that’s heavy on citations, you can use Citable to quickly save websites’ link and notes to a Google Spreadsheet document.

4 Must-Have Chrome Extensions for YouTube Enthusiasts

If you are a Youtube enthusiasts, as well as a Chrome user, here are some of the best Chrome extensions for YouTube to improve your video watching experience.

8 Common Browser Error Messages That You Should Know

While surfing the web, you probably have come across error codes like 404, 502, etc. Here are some of the most common browser errors that you should know.