Heartbleed: Three things you need to know about the bug

A newly-discovered bug named Heartbleed has exposed more than two-thirds of the world's websites to snooping. -- FILE PHOTO: REUTERS
A newly-discovered bug named Heartbleed has exposed more than two-thirds of the world's websites to snooping. -- FILE PHOTO: REUTERS

A newly-discovered bug named Heartbleed has exposed more than two-thirds of the world's websites to snooping.

The flaw is in the OpenSSL program designed to keep websites safe. At least 500,000 servers were reportedly exposed, including those of hosted email service provider Yahoo.

Heartbleed allows an attacker to pull any data from a server's working memory. The server's encryption keys could be stolen and used to unlock highly-sensitive information, making Web transactions unsafe.

Here's what you can do to keep your information safe:

1. Contact your online service providers and check if they were affected by Heartbleed, and if so, whether they have patched their systems.

2. Change all your passwords only until after service providers have confirmed that they have patched their systems.

3. Temporarily avoid visiting or transacting on any website that is known to be vulnerable. Here's a test service to determine if a website is vulnerable to Heartbleed https://lastpass.com/heartbleed/