'Heart Bleed' Bug Ravages Web, Users Urged to Change Passwords

Internet security professionals from across the world have been in a panic as the recently discovered "Heart Bleed" bug debuted shortly after being discovered Monday morning. This exploit is perhaps one of the greatest threats to ever surface on the World Wide Web, threatening to reveal sensitive consumer identification information on a massive scale. The exploit, discovered jointly by security engineers working at Google and Codenomicon, is a flaw in popular encryption technology OpenSSL. Much of the angst surrounding the bug is because of how long it has apparently existed, and the very fact that attackers are untraceable.

The bug can be a little tricky to explain, but it revolves around a piece of software called OpenSSL that essentially helps in ensuring user information is encrypted over the internet pipeline; when you're making a purchase online, entering sensitive user details, or sending an email, this technology is at work to safeguard you from prying eyes. However, an exploit in OpenSSL has allowed hackers to gain access to this information for over two years.

Most of the web is believed to be affected by the bug, although no one is certain how widespread attacks might have been over the last two years. At the time of the discovery, Yahoo.com was the only major internet company to be affected by 'Heart Bleed'; companies such as Amazon and Facebook are unaffected, however, they may have run the bugged software at one point in time. According to a Netcraft web survey, over 66% of websites online are believed to be affected by the exploit.

One internet security firm, Fox-IT, simulated an "attack" on Yahoo to conclude how devastating the bug is overall. Ronald Prin, an analyst that led the simulation, tweeted that "We were able to scrape a Yahoo username & password via the Heartbleed bug," eventually adding that "... ran my heartbleed script for 5 minutes, now have a list of 200 usernames and passwords for yahoo mail...TRIVIAL!" Since the time of this simulation, Yahoo has already applied patches preventing further exploit.

Tuesday night, at approximately 9PM, Plymouth servers were taken down to apply security upgrades. According to a post by JoAnn Guilmett, Director of Client Services at Plymouth State, "A critical vulnerability has been identified that impacts a number of PSU's systems including myPlymouth and its related services (such as Moodle, Mahara, Self-service Banner, Banner INB, and PSU blogs)." These services have long since been restored, and downtime is likely related to the exploit's discovery.

It is highly advisable that anyone who is concerned with their internet security to immediately change their passwords for any service they use, and to presume their information has been compromised. It is important that this information is passed on to as many individuals as possible, as remedying the overall solution requires effort from both web administrators, who may not know of the exploit, and users alike.