Heartbleed, a play on words from the OpenSSL feature called “Heartbeat,” was discovered by a Google researcher and a Finland-based security company, Codenomicon.
Articles at the Washington Post and many other sources are pointing out the potential for widespread security problems.
The vulnerability could allow hackers to access encrypted data online, including sensitive data such as user names, passwords, credit card numbers and Social Security numbers. Some researchers believe that hackers might even have been able to access encryption keys that can unlock Internet traffic on a mass scale, even when the data have been stored for years.
Companies and government agencies have been scrambling for days to correct the flaw by updating software. Dozens of popular Web sites, including Yahoo, have proved vulnerable to data theft this week. Because the exploitation of the flaw leaves no traces, it is extremely difficult to know what sites were compromised between the introduction of the flaw in March 2012.
Test your server for the flaw using these resources: