The "Heartbleed" computer bug continues to wreak havoc and make headlines today. Here is some of the latest news on the security problem.
What is it?
First, a definition, from the website Heartbleed.com. Basically, the bug is a vulnerability in OpenSSL cryptographic software that allows hackers to steal normally protected information such as passwords.
What sites are affected?
CNNMoney.com has a list of sites that were affected and not affected. For affected sites, you should change your password.
A new potential risk:
The risks of the bug extend beyond just Internet service providers, according tothis Reuters article. Hackers could crack email systems, security firewalls and possibly mobile phones through the bug. Developers at companies such as Amazon.com Inc. and Google Inc. rushed to fix the problems on their servers, but pieces of vulnerable code can be found inside other places, such as email servers and PCs.
Network equipment impacted:
Cisco Systems Inc. and Juniper Networks Inc., two of the largest manufacturers of network equipment, revealed yesterday that some of their products contain the bug, according to this Wall Street Journal article - meaning hackers might be able to capture usernames and passwords as they move across corporate and home networks. Unfortunately, these devices will be more difficult to fix.
How did the bug start?
For more information on how this bug started, read this BloombergView article. "The problem can be fixed with a wake-up call and a bit of money," writes Leonid Bershidsky.
For more of an overview of what the bug is and how to protect yourself from it, read Megan VerHelst's article from yesterday's Business Record Daily.