Heartbleed exploits a built-in feature of OpenSSL called heartbeat. When your computer accesses a website, the website responds to let your computer know that it is active and listening for your requests: this is the heartbeat. This call and response is done by exchanging data. Normally, when your computer makes a request, the heartbeat sends back only the amount of data your computer sent. However, this is not the case for servers currently affected by the bug. An attacker can make a request to the server and ask for data from the server’s memory beyond the total data of the initial request, up to 65,536 bytes.
It’s a major security bug believed to affect about 17% of all (supposedly) secure servers on the Internet.
Is your site affected?
There are a few free resources available to help you with this:
- LastPass Heartbleed checker
- Filippo.io Heartbleed checker
- McAfee Heartbleed checker
- The Chromebleed extension for Google Chrome will tell you if a site you’re visiting is affected.
Is it important to change the password?
Yes, if you are using the same password for multiple websites.
There are a number of high-quality password management tools that will help you keep track of your various passwords.
Here are a few password management tools: