The tech site Mashable tried to reduce the confusion caused by the discovery of the security vacuum Heartbleed, creating a list based on the statements made by now the most popular online services on whether or not prompt users to change their passwords immediately. Having identified the first time as one of the biggest vulnerabilities in the history of the internet, the Heartbleed is a backdoor in OpenSSL, one of the most popular software encryption. Thus, although the OpenSSL normally guarantee that every species sensitive information, such as passwords, handled securely between computers and a server, the existence of Heartbleed means that for at least two years could gain access to these data any hacker.
The news about the vulnerability in software encryption caused confusion for many users around the world who did not know whether they prefer online services based on OpenSSL to encrypt and therefore whether it is likely to have stolen sensitive data. Even worse, although many analysts initially recommended the immediate change of password for all vulnerable platforms, the path seemed that the solution is effective only for those who have upgraded to a new and secure version of OpenSSL. That’s because, if one changed the code to a service that continues to use the punched version of OpenSSL, it actually endangers both old and new code.
The list of Mashable comes to put an order in the chaos, clarifying first what companies use OpenSSL and consequently, the discovery of Heartbleed has no effect on their operation. Therefore, based on their statements, as LinkedIn, as Apple, as Amazon, Microsoft, the eBay, PayPal and Evernote based on other encryption software. This means that the users can trust the password you have already chosen. In contrast, the Instagram, the Pinterest, the Yahoo, the Dropbox, Box and the SoundCloud reported that exploit the OpenSSL, having in the meantime however upgrade their systems to the new version of the encryption software.
Thus, service users will have to change password. More diplomatically, Facebook said that faced the vulnerability even before this public, without even having identified traces interception. However, he adds that the Heartbleed is an excellent opportunity for the members to define a password for the social network, which does not use any other site. Finally, Google said it uses the services of the OpenSSL, which has already upgraded. However, claims that users do not need to change their passwords.
By Nicole P.