According to CBC.ca, Heartbleed is a security bug or programming error in popular versions of OpenSSL, software code that encrypts and protects the privacy of your password, banking information and other sensitive data you type into a “secure” website such as Canada Revenue Agency or Yahoo Mail. Such websites can be identified by the little “lock” icon on your browser or the “s” at the end of “https” before the web address.
Heartbleed is not a virus or malware, but could be exploited by malware and cybercriminals.
The vulnerability allows “anyone on the internet” to read the memory of the system protected by the bug-affected code. That way, they can get the keys needed to decode and read the data, according security researchers at the Finnish firm Codenomicon who discovered it.
The bug, named for the “heartbeat” part of the code that it affects, was independently discovered recently by Codenomicon and Google Security researcher Neel Mehta. The official name for the vulnerability is CVE-2014-0160.
The researchers have set up a website with more detailed information.
