Well, not exactly a virus per se. Heartbleed is a recently unearthed vulnerability resulting from a bug in the OpenSSL software commonly used by most websites to encrypt data in transit. Apparently, this bug has gone unnoticed for at least 2 years, until it was discovered by Codenomicon – a security firm – and Google researcher, Neel Mehta.
Hackers can create a script that exploits the Heartbleed bug, on vulnerable websites, to reveal sensitive data stored on the servers including usernames, passwords and credit/debit card details. This is a potentially serious concern for anyone who uses web services where they have to create user accounts or make purchases with their debit cards. Think email, eCommerce and virtually everything you do online. Although, if you majorly use local online stores, you probably have less to fear, as Nigerian online services don’t store card details. But there remains a concern for commonly used login-based services like email. According to reports, online giant Yahoo was one of the affected. Yahoo claims to have since resolved this vulnerability.
Before you go on to use any online service where you have user accounts, or have made purchases, be sure to test it for Heartbleed.
Photo credit: Codenomicon