Internet companies claimed the "s" in "https://" in the browser's address bar keeps information secure. Some now suggest that, because of the bug, the security feature makes the data less secure than if they had not used OpenSSL. Social site Tumblr posted a blog about Heartbleed explaining that it means "the little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit."
Etsy also posted a patch notice on its Web site, along with a list of things its customers should do now that it has fixed the security holes. Some of the steps include starting a new session by signing out and changing passwords. The site also suggests enabling two-factor authentication. There is also a free tool that companies can use to test if their own site is at risk.
Services, Facebook, Yahoo, Google and Microsoft on Tuesday said they are working to fix the problem. Bruce Schneier, who has been writing on Internet security issues since 2004, estimates that 500 million Web sites are vulnerable. Codenomicon, which explains that the bug is the result of a coding error, put up a Q&A Web site on the bug to help companies understand the severity of the flaw. Maybe it will convince execs at online advertising agency and search engine marketing companies they need security experts to protect client data, and stop telling me all the raw data they collect remains useless in its current state.
It's not just about fixing the flaws. It's more about earning and keeping the trust of consumers. If you really trust technology to keep your information one hundred percent secure, I have a bridge in Brooklyn I'd like to sell you.
"Broken Padlock" photo from Shutterstock.