Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Heartbleed

Heartbleed causes massive online scare - but don't change your passwords just yet

Google sites such as GMail and YouTube are clear, the company says.

A NEW SECURITY bug has sparked online panic, with experts saying that users of a large number of sites should change their passwords – but not right away.

Heartbleed is a security flaw in OpenSSL technology, an implementation of a protocol that is used to protect data across the web.

Around two-thirds of the web uses OpenSSL and the Heartbleed bug has been present for around two years.

The bug can, in theory, allow anyone access the information of people who used affected sites and there is not much that can be done by users just yet. It is up to individual websites to upgrade to a version of OpenSSL that is unaffected.

It’s unclear whether any information has been stolen as a result of Heartbleed, but security experts are particularly worried about the bug because it went undetected for more than two years.

Google sites such as GMail and YouTube are clear, the company says, but a large amount of other websites are still affected.

Yahoo, which has more than 800 million users around the world, said Tuesday that most of its popular services — including sports, finance and Tumblr — had been fixed, but work was still being done on other products that it didn’t identify.

PastedImage-18556

A GitHub list compiled by a user outlines around 10,000 sites and whether they are or are not affected.

It is recommended that users of sites that have passwords search the list for their bank, email and important account providers. Ultimately, you’ll need to change your passwords, but that won’t do any good until the sites you use adopt the fix. It’s also up to the internet services affected by the bug to let users know of the potential risks and encourage them to change their passwords.

Read: ‘Heartbleed’ security bug leaves encrypted web servers at risk

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Close
57 Comments
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.
    JournalTv
    News in 60 seconds