So, by now you’ve probably heard of this horrible vulnerability in the OpenSSL encryption technology. According to Wikipedia:
The OpenSSL website bills it as:
a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) andTransport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
But what about security?
Recently, a flaw was discovered in the toolkit that allowed for massive exploits, and basically left everything wide open and untraceable. Naturally, this sent the Internet community into a frenzy of changing passwords and updating code and trying to patch vulnerabilities.
Patching isn’t the only issue here. Current certificates that had been issued under the unpatched versions still exist, and now comes the dilemma of revoking and reissuing all those certificates. In fact, because of this little problem, some experts are even advising against changing your passwords right away because they still have the very real possibility of being hijacked all over again.
There is also the problem of knowing who was affected and who wasn’t. Not all websites use OpenSSL as their encryption toolkit. Many do because it is open source and free, but there are still plenty who paid and use other toolkits to secure their sites. You don’t have to change every single password you use, only the ones on the affected sites. Several locations have compiled long lists of affected sites that you can scroll through to check for ones you use, but others, like security firm LastPass, have set up online checkers that look at specific websites for you and let you know if they have the bugged OpenSSL on them.
In the end, it really just shows that paying attention to your records like credit reports, changing passwords often, using complex and secure passwords, and all those other internet safety tips have real meaning. Always be safe because you’re less likely to be sorry.