Consumers used to waking up every week or so to news of yet another Internet security hole or data breach may be hard-pressed to understand why Heartbleed, the hole in the commonly used Web security software OpenSSL, is different. But it is: Such diverse and nonalarmist security commentators as Bruce Schneier, along with the Electronic Frontier Foundation and Ars Technica, have all dubbed the bug "catastrophic."
"On the scale of 1 to 10, this is an 11," Schneier wrote on his blog yesterday.
So: What is it? How do you know if it affects you? What should you do about it?
SSL—for Secure Sockets Layer—is a protocol used ubiquitously on the Web to protect confidential user information in transit. This includes, but is not limited to, user IDs and passwords, credit card details, and other personal information. When you see HTTPS at the beginning of the address in your browser's address bar, that syntax indicates that SSL is in use to encrypt the traffic between your computer and the Web server at the other end. Increased used of SSL to protect the queries and messages users type into search engines, Webmail, and social networks so they cannot be read in transit has been an important part of the Web's response to Edward Snowden's revelations of endemic National Security Agency spying on Internet traffic.
SSL is based on public key cryptography: that is, each server using it has a pair of complementary cryptographic keys that are authenticated by a certificate issued by a trusted authority. Material encoded with the public key, which may be disseminated widely, can be decrypted only by the private key, which is kept secret, and vice versa. When you communicate securely with such a server, your browser first checks the server's identity by checking the certificate. If the browser trusts the certificate, it sends back a message using the server's public key. The server then sends back a digitally signed acknowledgement, and a secure session begins. You can see details of this authentication by clicking on the little padlock that appears next to HTTPS in your browser's address bar. To be useful, SSL has to be implemented in software that in turn is incorporated into a bigger product such as a Web server. The most common such implementation is OpenSSL, used by approximately two thirds of the Web's servers.
Heartbleed is the result of a two-year-old programming error that allows an attacker to trick a system running OpenSSL into undetectably revealing the contents of the server's system memory. At a given second these may be anything—a user name and password, a credit card number or, most damaging, the server's private cryptographic keys. Many well-known sites are affected, including Yahoo! (and its subsidiaries Tumblr and Flickr), the dating site OKCupid and the anonymizing browsing system Tor.
A breach like Target's in December 2013 was comparatively simple. Its reach was huge— puts the number of compromised records at 110 million—but the boundaries are roughly known. Consumers know whether they were at risk, and so do business partners such as suppliers and customers. By contrast, Heartbleed is a hole in a piece of fundamental technology that millions of individuals and businesses worldwide have trusted to secure systems ranging from retail Web sites to mail servers, and because there is no way to know what information may have been copied, the exact scale may never be clear.
Fixing the problem is a multi-stage process: site engineers need to patch their server software (which may require waiting for their vendor to provide the patch), revoke their old certificates and keys, and issue new ones. Therefore, say experts such as the anti-virus company Sophos, changing your password before this work is done won't make you less vulnerable, although you may wish to do so anyway. If you do change all your passwords now, make sure to go back and do it again as sites are fixed. You should, however, change immediately passwords on other sites that are the same as the ones you've used on the affected sites. Consider using password managers like LastPass, 1Password or Password Safe to make it easier to generate random, unique passwords—to do so they require you to remember a single (long! complicated!) passphrase.
In the longer term, the Electronic Frontier Foundation is pushing sites to adopt Perfect Forward Security, which would eliminate attackers' ability to use sites' private keys to read data they've stored up over the last two years.