By now you've probably heard of a massive IT issue that could potentially affect millions of Internet users. No, we are not talking about the XPocalypse, but  "Heartbleed," a bug discovered early this week that may have compromised the security of dozens of popular websites. Unlike many other bugs found daily by security experts, this quickly gained traction in mainstream media like The New York Times, NPR, even CNN. This is partly due to a clever (and responsible) campaign by those who found it, but also due to its widespread nature. It could affect the majority of websites that begin with "https."

What Was Impacted

"Https" sites use SSL (secure socket layer, also referred to as TLS, or transport layer security) to encrypt sensitive information like usernames and passwords when you visit and use their services. An attacker could have used this bug to steal this sensitive information. However, not all "https" sites are affected. The bug affects only systems that utilize the "OpenSSL" implementation, which is only one way, albeit a very common one, to ensure secure transport of data. 

How You’re Affected and What TechSoup Is Doing

The jury is still out, with up-to-the minute changes, as to the severity and exploitability of this bug. Mashable has posted a comprehensive list of sites affected, with official recommendations as to whether you should change your passwords. It's possible you'll need to change your password again in the near future, and websites continue investigating the extent to which they are affected.

We have been auditing our systems once this bug was found, and have determined so far that our internal systems and TechSoup websites are not affected. This means you do not need to change your TechSoup passwords.

We will continue to update you of our findings on this blog, and make recommendations if further action is needed.

 

Kevin Lo | Senior Program Manager, NetSquared.org | a part of TechSoup Global