An internet bug (a flaw in the software) has been found known as the Heartbleed bug. This flaw was announced a few days ago although it has been present in the software for at least a year.

To get technical for a moment, the bug has been found in software driving the Secure Socket Layer (SSL) which is the most widely deployed security protocol used today. SSL is the protocol that provides a secure channel between two machines operating over the internet and is fundamental to the workings of internet communications. The nature of the bug enables somebody to obtain data from a secure link which may include sensitive material thus compromising security keys such as passwords.

The big players on the internet such as the banks have applied fixes to their software but obviously it takes time for everyone to catch up.

So what do you need to do? Probably nothing at the moment. Don’t panic but maintain a good security vigil. The Guardian newspaper has a good article explaining the problem here:

For a list of websites that have put in patches to fix this vulnerability click here

Heartbleed – Don’t Panic Mr Mainwaring