Researchers have found a flaw, which they are calling Heartbleed, in software that is used to secure communication across the Internet. The Huffington Post reports that about two-thirds of servers on the Internet are affected and could expose user data, including passwords.
The affected software, OpenSSL, is free and open-source, which means its source code is freely available to anyone on the Internet. A feature added in 2011, known as the heartbeat extension, lets services keep connections open for longer. A flaw in this added feature allows malicious actors to read and capture data that is stored in the memory of the system.
Because OpenSSL is so widely used in systems such as websites, instant messaging services, and the VPN (Virtual Private Network) systems that connect remote employees securely to corporate offices, this is a broad issue to resolve.
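The memory-reading flaw described above comes down to a reply routine that trusts the length a request claims for itself. The C program below is an added illustration, not OpenSSL's code or anything from the original post; the 64-byte arena, the simplified record layout, the function names and the sample secret are all constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARENA 64   /* constructed stand-in for server memory */
#define HDR   3    /* 1 type byte + 2 length bytes (padding omitted for brevity) */

/* Lay out a received record followed by unrelated secret data, as they
   might sit next to each other in memory. Returns the record's true size. */
static size_t build_arena(uint8_t *mem, const char *payload, uint16_t claimed,
                          const char *secret) {
    size_t plen = strlen(payload);
    memset(mem, 0, ARENA);
    mem[0] = 1;                         /* heartbeat request */
    mem[1] = (uint8_t)(claimed >> 8);   /* length the sender claims */
    mem[2] = (uint8_t)(claimed & 0xff);
    memcpy(mem + HDR, payload, plen);
    memcpy(mem + HDR + plen, secret, strlen(secret));
    return HDR + plen;
}

/* Echo the payload. With check == 0 the claimed length is trusted (the flaw);
   with check == 1 a claim larger than what arrived is dropped (the fix). */
static size_t heartbeat_reply(const uint8_t *mem, size_t record_len, int check,
                              uint8_t *out) {
    size_t claimed = ((size_t)mem[1] << 8) | mem[2];
    if (check && (record_len < HDR || claimed > record_len - HDR))
        return 0;                       /* discard silently */
    if (claimed > ARENA - HDR)
        claimed = ARENA - HDR;          /* demo guard: stay inside the arena */
    memcpy(out, mem + HDR, claimed);
    return claimed;
}

/* Returns 1 if the reply contains the secret (all sample values constructed). */
int reply_leaks_secret(uint16_t claimed, int check) {
    uint8_t mem[ARENA], out[ARENA + 1] = {0};
    size_t rec = build_arena(mem, "ping", claimed, "password=hunter2");
    size_t n = heartbeat_reply(mem, rec, check, out);
    out[n] = '\0';
    return strstr((char *)out, "hunter2") != NULL;
}

int main(void) {
    printf("honest request, no check:  leak=%d\n", reply_leaks_secret(4, 0));
    printf("oversized claim, no check: leak=%d\n", reply_leaks_secret(40, 0));
    printf("oversized claim, checked:  leak=%d\n", reply_leaks_secret(40, 1));
    return 0;
}
```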
What can you do about it?
As an end-user, not much. You have to wait until websites and systems have been fixed. There are some tools that have been built to test if a site still has the flawed software running on it, but these aren't perfect. Make sure your banking websites aren't coming up with any expired certificates, and change your passwords for any of your web-based sites.
For a business, make sure your IT company updates any systems that may be affected, such as firewalls, which typically have VPN software so that you can access your systems remotely in a secure way. If it's not up to date, it's as if you are running without any security at all.