'Heartbleed' bug exposes critical internet data
Security Compass' Sahba Kazerooni on what you need to know about the 'Heartbleed' vulnerability
The Department of Homeland Security on Friday warned Internet users to monitor their online use of banks and other sensitive websites after a computer bug targeting popular and trusted web encryption became known earlier this week.
The bug, called “Heartbleed,” has raised alarms that websites across the Internet may be vulnerable to hackers.
“While there have not been any reported attacks or malicious incidents involving this particular vulnerability at this time, it is still possible that malicious actors in cyberspace could exploit un-patched systems,” the department said in a statement. “That is why everyone has a role to play to ensuring our nation’s cybersecurity. We have been and continue to work closely with federal, state, local and private sector partners to determine any potential impacts and help implement mitigation strategies as necessary.”
The department urges users to change their passwords once they know a website has upgraded its security in light of the bug, and recommends closely monitoring accounts for “suspicious activity.”
The security hole exists on a vast number of the Internet's web servers and went undetected for more than two years. While it's conceivable that the flaw was never discovered by hackers, it's nearly impossible to tell.
A list of websites that were affected by the bug, according to Mashable, includes popular social media sites like Instagram and Pinterest, as well as email clients like Gmail and Yahoo! Mail. Mashable is also urging users of websites such as Facebook, Tumblr, and GoDaddy to change their passwords to play it safe.
Qualys SSL Labs has created an online tool that lets visitors type in the names of websites to assess their vulnerability to the bug.
The Associated Press contributed to this report.
Get a daily look at what’s developing in science and technology throughout the world.