Skip to main content

To quote Codenomicon (who found and named Heartbleed): The affected code is called OpenSSL and “is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet.”

Internet security experts are scrambling to patch an alarming encryption vulnerability that has exposed millions of passwords and personal information, including credit-card numbers, email accounts and a wide range of online commerce.

Latest news

The Canada Revenue Agency says about 900 customers had their social insurance numbers stolen due to this bug. (The CRA website was closed for six days last week in order to patch the problem, and has extended the tax-filing deadline.)

How big of a deal is this?

Some reports suggest as many as two-thirds of the sites on the Internet are using OpenSSL, the encryption code that we now know is flawed and vulnerable to so-called Heartbleed attacks.

What other websites should I be worried about?

Canadian banks, airlines and online retailers such as Amazon.ca, Wal-Mart and Indigo Books all said they weren