The just-discovered Heartbleed security bug that lets hackers decipher encrypted data has been exposing the personal information -- user names, passwords, payment card data a likely more -- used for online transactions for about two years, security researchers say.
The severe flaw in OpenSSL, encryption technology used by an estimated 500,000 websites, could could let hackers access, and translate, encrypted code without the knowledge of those running the website -- or the users supplying the data. The data is exposed as it flows between user computers and business servers.
Security experts have started distributing a fix for the problem, and say it should be used immediately, according to computer security experts.
The problem clearly affects millions of online shoppers, online bankers and even e-mail users, who need to know what happened and what they can do to alleviate the potential pain.
Computerworld offers a Tip of the Hat to Shane Dingman of the Toronto Globe and Mail for an easy-to-understand look at what happened, at some key websites affected and whether users can do anything at this point. In the story, Explainer: What the Heartbleed security bug means for you, Dingman also offers a solid explanation on how the bug works.
Read more about security in Computerworld's Security Topic Center.