There has recently been a lot of online worry about the Heartbleed bug however many people are still unaware of what it is and what they should do if they have been affected. The Heartbleed bug is a virus which is found in the open SSL software library. It is called Heartbleed as it leaks the information of online users into the web where private information is then exposed. SSL/TLS provide communication security and privacy over internet applications such as web, mail, instant messaging and VPNs however Heartbleed steals and exposes this information that would usually be protected.
A company called Codenomicon did research in order to view the attacks from the attackers prospective in order identify and resolve the problems. To test this, they externally hacked their own software without using any passwords or keys, however discovered that all private information such as usernames, passwords, secret keywords, emails and business criteria were instantly stolen without a trace. From this they then concluded that anyone could be attacked and be completely oblivious, therefore to help those concerned about the Heartbleed attacks, McAfee released a free detection tool to give peace of mind to those worried and the ability to take action to those affected.
There is currently no widely available fix for this issue however operators must inform users if they have been breached and then continue to provide the Fixed Open SSL to resolve the issue once the software is available for each server. Facebook and Google have already resolved and blocked all Heartbleed problems however other online sites have yet to approach the issue and are giving limited information to their users. It is advised that for servers that have been cured of Heartbleed for the users to change their passwords, however those that still need the fix resolving need not bother as the new password can still be accessed by attackers.