Or anything that might reveal information you would rather not reveal to a hacker.
The problem is a hole discovered in the most popular form of encryption used by web servers.
A bug in software used by millions of web servers could have exposed anyone visiting sites they hosted to spying and eavesdropping, say researchers.
The bug is in a software library used in servers, operating systems and email and instant messaging systems.
Called OpenSSL, the software is supposed to protect sensitive data as it travels back and forth. Statistics from Netcraft say that 500,000 web servers run this software.
It is not clear how widespread exploitation of the bug has been because attacks leave no trace.
"If you need strong anonymity or privacy on the internet, you might want to stay away from the internet entirely for the next few days while things settle," said a blog entry about the bug published by the Tor Project which produces software that helps people avoid scrutiny of their browsing habits.
The Heartbleed bug can leak just about any information from security keys to the actual content of your message.
What really annoys me is that the vulnerability was inserted in 2011.
Stuff like this is unacceptable. The security of the internet is simply too low for the average user. And the NSA is partly to blame. Most of the blame, though, can be put on tech companies, because their business models reward new features, but there is no financial reward for fixing bugs.
In a related note, today is the day that Microsoft stops supporting Windows XP. This doesn't mean that Windows XP will stop working.
What it means is that if a security bug is discovered in XP, you are on your own. There will be no fixes created. And things will just get worse in the future.
10:15 AM PT: To put some perspective on this, consider a few facts:
#1) There is a glut of stolen IDs.
Just in time for the holidays, the price of a stolen identity has dropped as much as 37 percent in the cybercrime underground: to $25 for a U.S. identity, and $40 for an overseas identity.
I've read about websites you can visit where they have databases so you can select the type and area of the ID you want to steal, as if you are shopping at Amazon.com. It's insane!
For $300 or less, you can acquire credentials for a bank account with a balance of $70,000 to $150,000, and $400 is all it takes to get a rival or targeted business knocked offline with a distributed denial-of-service (DDoS)-for-hire attack. Meanwhile, ID theft and bank account credentials are getting cheaper because there is just so much inventory (a.k.a. stolen personal information) out there.
Identity theft victims suffered more than $24.7 billion in direct and indirect losses in 2012 -- that's more than the combined $14 billion in losses consumers experienced from other types of theft (burglary, motor vehicle theft and other property theft) in the same period.
This one gets me. Everyone is paranoid about your car getting stolen, or your house getting broken into, but no one worries much about your ID being stolen, even though it can be a huge headache, and is much more likely.
The Bureau of Justice Statistics highlighted these and other staggering statistics in its 2012 Victims of Identity Theft report, which was released this month. About 16.6 million U.S. residents ages 16 and older were victims of at least one incident of identity theft last year. That's about 7 percent of the population in that age group, and they most often experienced misuse of existing bank and credit card accounts.
In recent weeks, two companies have publicly described their experiences with what has become a popular hacker tactic: cyber extortion. Cybercriminals have threatened to disclose sensitive data or cripple websites unless their victims pay hundreds or even thousands of dollars in ransom.
Like kidnappers and terrorists, cybercriminals have been demanding ransoms for years. But cases of digital extortion appear to have grown more frequent in recent months and involved more high-profile victims, according to Matthew Prince, chief executive of the security firm CloudFlare.
“The brazenness of the attacks has increased and they are targeting household names,” Prince said in an interview.