Heartbleed software security bug – password protection and OpenSSL threat

“Heartbleed” is a recently discovered security bug in the encryption algorithm used by many sites. Information you provided online through which you thought was a secure connection may have been compromised.

Heartbleed is a recently discovered security bug in the encryption algorithm in OpenSSL  which is used by many websites. OpenSSL is used to encrypt web traffic and is denoted by the small closed padlock you see in your browser’s address bar that indicates your connection is secure. However, this Heartbleed bug has allowed anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.
Any data that has been sent over a previously presumed secure connection could have been compromised, including everything from passwords and encryption keys to banking details, credit card numbers etc. The heartbleed bug is exploited by sending a malformed heartbeat request with a small payload and large length field to the server permitting attackers to read up to 64KB of server memory that was likely to have been used previously by SSL.

Source: irishtimes(dot)ie.