The Heartbleed Bug is a serious vulnerability in the OpenSSL cryptographic software that protects a majority of the world's encrypted or "secure" sites. Encryption works by using "keys" (a number, or sequence of characters) to encode a sent message. The receiving computer uses the key to decrypt the message. If intercepted by a third party, the message should be unreadable.
Read the Globe's earlier coverage on the Heartbleed bug:
- Tax services may be offline until weekend because of Heartbleed bug
- Explainer: What the Heartbleed security bug means for you
- Video: Beating the Heartbleed bug
Occasionally, a computer will check that there is still a secure connection by sending a small packed of data, known as a “heartbeat,” which asks for a response.
The Heartbleed Bug is a coding flaw that could allow an intruder, during a heartbeat exchange, to grab up to 64 kilobytes of data leaking from the processing memory of the website server.
... giving hackers access to passwords, user names, credit card information, instant messages, emails, and critical business information.
Hackers can read data in transit without establishing a secure connection, which makes the leak of information effectively invisible.