The Heartbleed Bug: Where It Stands Now, What You Need To Know


Bad Internet news, nicknamed the “Heartbleed” bug, has been the talk of the web town this week. Turns out, it is as bad as it sounds: OpenSSL (the Internet’s most commonly used cryptographic library) has been utterly vulnerable, spilling out private information since March 2012. How much information is at risk? Well, if you consider the widespread, difficult-to-detect 64 kilobytes “bleeding out” at a time for the past two years, I think it’s easy to classify it as one of the largest breaches of security thus far. Web sites and applications such as online banks, email, voice, and instant messaging services rely on OpenSSL to protect user information such as content, passwords, and Social Security numbers. The bug, which is being described as “a simple, honest mistake in computer code”, has been visible to attackers across the wire, jeopardizing sensitive online information.
How has this been going on for two years? Well, Heartbleed made it past the quality assurance tests and was deployed across the Internet, allowing hackers to potentially steal sensitive data from any site that is vulnerable. The good news is that Richard Bejtlich, chief security strategist at FireEye, a network security company, recently said “there’s no evidence that malicious hackers have exploited the flaw yet”. Unfortunately, “yet” is the word providing us with a continual flow of skepticism and paranoia during this attack. In fact, you can thank the Tor Project, an anonymous Internet browsing facilitator, for stirring the pot a bit. Tor recommended, “If you need strong anonymity or privacy on the Internet, you might want to stay away from the Internet entirely for the next few days while things settle”.
Well, that’s one way to freak us out. But don’t despair! As updates and news references continue to spread across the web, the only way to know how to go forward is to be on the Internet reading these resources. So instead of assuming you’re protected from this point forward, check out what the experts have been saying first.
1. Who is affected: To check whether you are using OpenSSL, a couple of things stick out. One, websites you access show an “https” address. Two, a lock appears next to the address, indicating you’re on OpenSSL. Yep, this does imply you are on OpenSSL a lot.

2. Test to see which sites are vulnerable: This link from LastPass is a good tool for checking if a website you use has resolved the issue.

3. VPNs: If you have one, use it. It is “fairly safe”.

4. Change your passwords: Do this only if you know the website is now secure. “If the website is still vulnerable, changing the password will not accomplish anything. The hacker could potentially view your newly created password, too”. Also, be especially clever in what you change your password to. No more “Password1234” (no one should have been doing that anyway).
Websites such as Google, Amazon, and Yahoo have apparently identified the issues and secured their websites. Major lists of banks, apps, games, search engines, and more are consistently being updated with regard to their vulnerability status. This is most definitely a fight for our security and our privacy and, most importantly, “our freedom to communicate”. All we can do now is take the steps suggested for us. In the end, we are all tangled together online. With a weakness like that, something like this was bound to happen.
