By Gitte Laasby of the Journal Sentinel
April 9, 2014
"Heartbleed," a major online security flaw that went undiscovered for about two years, has left millions of credit cards, user names and passwords exposed that were supposed to be encrypted and safe.
Security experts advise consumers to change all their online passwords — but only after they verify that the website or server that hosts the account has installed an update to its encryption software that fixes the Heartbleed bug.
They advise consumers who want to minimize the risk of their information being hacked to ensure a website has installed the software update that patches the security hole before changing their passwords.
Here are basic questions and answers to deal with the situation:
What is Heartbleed?
The Heartbleed bug creates an opening in the type of encryption software used on websites whose addresses start with "https." The encryption is used to secure high-security services such as banking, file storage and email as well as other online accounts, instant messaging and private networks. The Heartbleed bug allows hackers to decrypt traffic and scrape a server's memory for sensitive information, including personal and financial information, user names, passwords and any files uploaded to the account.