There has been a lot of talk about the recently surfaced Heartbleed bug, but I feel there hasn't been nearly enough information forthcoming about what exactly it is. No, it's not a virus, so updating your antivirus software of choice isn't going to fix it. Yes, you should probably change your passwords for all of the affected sites that you frequent, especially if you haven't changed them in a long time, and yes, you should mix up those passwords and not use the same one for all of them.
The Heartbleed bug is exactly that, a bug, a screw-up in the software that hackers have figured out how to exploit. A quick tangent if you will: the term "bug" has been used since long before computers were around to describe a flaw in an engineering design, dating as far back as Thomas Edison. However, it was computer pioneer Grace Hopper who helped coin the term after a moth was found to be trapped inside the Mark II computer being developed at Harvard. Hopper and the other engineers were attempting to trace an error the Mark II was reporting. Upon looking inside the actual computer, the moth was discovered flitting about, causing early memory modules to short out. Hopper acknowledges that she did not actually coin the term bug, but it was she who taped the carcass of the moth to the log book for Sept. 9, 1947. The operators who found the moth, and who were familiar with the engineering term, wrote "First actual case of a bug being found." The log with the moth still attached is now in the possession of the Smithsonian Institute.
The Heartbleed bug affects a bit of programming called OpenSSL, a popular program used by many websites as a way to encrypt information sent to and from your computer and the website's server. At first it was believed that as much as 60 percent of all websites were affected, but that has since been cut down to 17 percent. That's still a lot though, especially considering there are over 350 million registered domains out there, more than half of which end in .com or .net. That's still over 42.5 million websites, give or take a few.
As the name implies, OpenSSL is considered "open-source" software, meaning it was created and developed by a number of talented programmers in their free time for very little compensation, usually funded by donations, and anyone can make use of the code without paying a dime.
In April 2012, a bug was unwittingly included with the newly released version 1.01 of OpenSSL that allows for a person to retrieve information from a server without leaving a trace.
Heartbleed makes use of a built-in feature called "heartbeat." When your computer requests access to an encrypted server, the server responds with a notice that it is listening to your computer; this is called a heartbeat.
Under normal circumstances, when your computer sends a packet of information to a website using OpenSSL, the website responds with the same amount of data back. The Heartbleed bug allows a hacker to also retrieve additional data from the server, as much as 64 kilobytes of data, which isn't much, but that 64 kilobytes could contain almost anything, including your password or username. The data retrieved is completely random, as it is simply data that is passing through the server's memory at the moment, but there is no limit to the number of requests that can be sent to the server. As more computers access the server, the memory at the top gets recycled more frequently, so making sense of the random data a hacker does obtain is a herculean effort in and of itself.
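The length check that was missing can be shown in a few lines of C. This is an added example, not OpenSSL's code: the function names and sample records are made up for illustration, the record layout follows the heartbeat specification (RFC 6520), and the padding is zero-filled for simplicity where a real implementation uses random bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 6520 heartbeat: type(1) | payload_length(2) | payload | padding(>=16) */
#define HB_REQUEST  1u
#define HB_RESPONSE 2u
#define HB_HEADER   3u   /* type byte + 2-byte length field */
#define HB_MIN_PAD  16u

/* Constructed sample records (not captured traffic): both carry 4 payload bytes. */
const uint8_t HB_HONEST[23] = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
const uint8_t HB_LYING[23]  = {HB_REQUEST, 0xFF, 0xFF, 'p', 'i', 'n', 'g'};
uint8_t hb_out[64];

/* Payload length the sender CLAIMS (big-endian 16-bit field). */
static size_t hb_claimed_len(const uint8_t *rec) {
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Bytes past the end of the received record that a handler trusting the
 * claimed length would read. 0 means the claim fits what actually arrived. */
size_t hb_overread_bytes(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HEADER) return 0;
    size_t need = HB_HEADER + hb_claimed_len(rec);
    return need > rec_len ? need - rec_len : 0;
}

/* Hardened handler (hypothetical): writes the echo reply into out and returns
 * its length, or 0 when the record must be silently discarded. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HEADER + HB_MIN_PAD) return 0;  /* too short to be valid */
    if (rec[0] != HB_REQUEST) return 0;
    size_t payload = hb_claimed_len(rec);
    /* The missing check: header + claimed payload + padding must fit the record. */
    if (HB_HEADER + payload + HB_MIN_PAD > rec_len) return 0;
    if (HB_HEADER + payload + HB_MIN_PAD > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, payload);    /* echo the payload */
    memset(out + HB_HEADER + payload, 0, HB_MIN_PAD);     /* zero padding */
    return HB_HEADER + payload + HB_MIN_PAD;
}

int main(void) {
    printf("lying record would over-read %zu bytes\n",
           hb_overread_bytes(HB_LYING, sizeof HB_LYING));
    return 0;
}
```

The second sample record claims a 65,535-byte payload while carrying only four bytes, which is where the "as much as 64 kilobytes" figure comes from; the hardened handler drops it instead of replying.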
Once the bug was made public, it was quickly squashed by the developers, but everyone is being reminded to change their passwords just to be on the safe side. Website Mashable.com has a handy chart for which sites were affected, including most social network sites, save for LinkedIn, which didn't make use of that version of OpenSSL. Both Google and Yahoo were affected, so that includes other Google-owned sites like Gmail and YouTube and even phones running version 4.1.1 of the Android operating system.
To make matters worse, just when you thought the smoke had cleared, it was found that the NSA had known about the Heartbleed bug since the beginning and was making use of it for spying purposes.
It may be months or years before we finally know what the full damage is as a result of the Heartbleed bug. In the meantime, make sure to change your passwords and keep an eye on your credit score. Isn't the internet wonderful?