Skip to main content

Heartbleed is insanely dangerous. Are you affected?

If you've been following the tech news, you'll have heard about a new security vulnerability called Heartbleed. This is a bug in a widely used piece of security software, OpenSSL, which can leak data.

Heartbleed is more dangerous than most security vulnerabilities for a number of reasons:

  • It affects a wide range of sites - when it was first discovered, an estimated 66% of the web was vulnerable
  • It's widely applicable - attackers don't need to trick users into doing anything unusual, and they don't need any login credentials
  • It's simple enough that unskilled attackers can use it
  • In most cases, it's completely undetectable
  • The data it leaks can be very high value - the bug effectively leaks randomly selected data from your app, so almost any data could be leaked

Just how high-value is the leaked data? We checked a number of major sites to see if they were vulnerable, and how badly.

The worst affected site that we saw was a major UK political party. The data leaked included names, addresses, and credit card details of donors.

They have since patched the site, however, and are no longer vulnerable.

We also saw leaked user credentials on multiple sites - all of which have since been patched.

If you're not sure if your site is affected, you can check online at http://filippo.io/Heartbleed/. If you are, it's imperative that you fix it as soon as possible.

If you're still vulnerable at this point, then there's a very strong chance that someone has already taken advantage of this. The bug could leak anything, so you should assume that all of your data has been compromised, and plan accordingly.

And even if you don't have a website, this would be a great time to change your passwords!

Add new comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.