The internet is still there. The thing is, you really just shouldn't log in.
A vulnerability has been discovered on Monday, April 7th 2014 in OpenSSL that makes a secure login and your information saved on those severs visible to nefarious crackers.
It came with an implementation made to OpenSSL two years ago, called Heartbeat, which is a sort of pinging between you and the SSL server to keep your connection alive. This implementation can be exploited and the cracker can then read 64k of the server data at a time, including the SSL Certificate of the website. This vulnerability is called Heartbleed, from the 64k private data that can be bled from the Heartbeat implementation.
It came with an implementation made to OpenSSL two years ago, called Heartbeat, which is a sort of pinging between you and the SSL server to keep your connection alive. This implementation can be exploited and the cracker can then read 64k of the server data at a time, including the SSL Certificate of the website. This vulnerability is called Heartbleed, from the 64k private data that can be bled from the Heartbeat implementation.
Now before you freak out, this doesn't affect the entire internet (or two thirds, as has been widely misreported). It only affects servers running OpenSSL, which excludes 1/3 of the internet already (eg. Microsoft, along with many other websites use Microsoft-IIS/8.0, instead of OpenSSL). This is where mainstream media stopped reading. What they fail to mention, is that this Heartbeat "feature" has to be enabled on the specific implementation of OpenSSL as well. So the good news is that it works out that only about 17% of the internet is vulnerable.
This is where the good news ends though, because, of those 17% compromised sites included are:
Amazon, Imgur.org, Archive.org, OkCupid, Lastpass, Tumblr, Flickr, (actually the entire Yahoo suite, including Yahoo Sports & Finance), 500px, etc..
A list has been posted on GitHub (which was also vulnerable, but has since been fixed)
It is recommended that all servers running OpenSSL either upgrade to TLS 1.1 (TLS 1.0.2b and prior implementations of OpenSSL are vulnerable) or recompile OpenSSL with the heartbeat feature disabled.
For users, you should wait till the websites did this, before you log in, to prevent third parties from seeing your info as you log in to a site that is clearly no longer secure.
So like I said at the start of this. You really shouldn't be on the internet now, at least until all this is fixed.
The great people at LastPass has a little online checker: www.lastpass.com/Heartbleed to check if a website is safe to log into. I recommend you try it before logging into your social media & banking sites, especially is you are one of those people who use one password across many sites. (Don't do it, just use a free password manager like KeePass or LastPass instead.)
That's all from me for now. Keep safe.
