Everyone is crying about the Heartbleed bug that has caused security problems for sites that use Secure Sockets Layer (SSL) to keep login and credit card details secure. It’s not a virus or even a direct result of hacking, but simply a hole in the code that leaves it open for enterprising coders to find their way through the security and see passwords.
Effectively it affects sites where you see the URL as ‘https://’.
OK, so Dr Robin Seggelmann has ‘fessed up’ to having written the code with the hole in the middle, but how does all this really work?
It’s all to do with the way the system works.
Imagine you have a padlock and a key. You’ve got some information that you want to keep secure, so the website sends you the open padlock – you put all your information in the ‘box’ and then click the padlock shut.
Technically, only the site that sent you that padlock has the key to open it. The SSL system has encrypted your information, scrambled it and transported it to the owners of the website, who have the key to decrypt it and make sense of it all.
The encryption algorithm is broken – this means that, while information is in transit, clever people can look at it in these ‘holes’ in the encryption coding.
Obviously, the holes are being removed quickly by all the sites affected – but it’s pointless changing your passwords if the issues on that site aren’t resolved yet. The easiest way to check is with a handy App called LastPass that tells you when websites have been fixed. To find out more about the App take a look at this and read the blog about how it works here: