OpenSSL what is it and why should you care?

OpenSSL is an encryption method used by websites to provide security against prying eyes.

The problem is that someone found a flaw in the programming of a certain kind of SSL. The flaw allows crooks to peer into the working areas of the encryption process and extract important information from it, such as passwords, or other private information.

If you remember passing notes in class and getting caught by the teacher, you quickly learned to encrypt your messages. You devised a way to change the meaning of your letters or words. As an example, you might have changed the letter A to a C, the B to a D, the C to an E, etc. Hello John would look like: Jgnnq Lqjp.

The trick to using this method of encryption successfully is to send the key to your friend first. You will also have to send some additional information about how the key works, who you are, and when the key is valid. These precautions are necessary in case your message gets intercepted.

Without the key, your scrambled message cannot be read. No one without unlimited time on their hands will be able to see what is in your message.

That is how SSL works. SSL stands for Secure Sockets Layer. I like to look at it like a wrapper that holds your communication under lock and key. The website you are using will have a key sent to you first. You can use this key to unlock the wrapper containing your encrypted message. The information you need to unlock or decrypt the message is contained in a certificate (the key) created by the SSL process.

That is why banks use SSL. Shopping sites use SSL, and so do virtual private networks (VPNs).

The good news is that it only affects OpenSSL and a very specific version of OpenSSL. And by the time you read this, it has been fixed.

The affected versions of OpenSSL are 1.0.1 through 1.0.1f.  You can read a more detailed account at heartbleed.com.
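If you run a server yourself, here is one way to check a version banner against that range. This is an added example, not code from the OpenSSL project or heartbleed.com; the function names and the sample banners are made up for illustration, and the banner is assumed to be in the format that `openssl version` prints.

```python
import re

# Affected range as stated in the post: 1.0.1 through 1.0.1f.
AFFECTED_BASE = (1, 0, 1)
LAST_AFFECTED_LETTER = "f"

# Matches banners such as "OpenSSL 1.0.1e 11 Feb 2013" or "OpenSSL 1.0.1e-fips ...".
VERSION_RE = re.compile(r"\bOpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)", re.IGNORECASE)


def parse_version(banner):
    """Return ((major, minor, patch), letter), or None if no version is found."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch, letter = m.groups()
    return (int(major), int(minor), int(patch)), letter.lower()


def in_affected_range(banner):
    """True/False for a parsed version; None when the banner cannot be parsed."""
    parsed = parse_version(banner)
    if parsed is None:
        return None
    base, letter = parsed
    if base != AFFECTED_BASE:
        return False
    # Plain "1.0.1" has an empty letter, which sorts before "a";
    # "g" and later letters fall outside the stated range.
    return letter <= LAST_AFFECTED_LETTER


# Constructed sample banners (not captured from real hosts).
SAMPLE_BANNERS = [
    "OpenSSL 1.0.1 14 Mar 2012",
    "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "OpenSSL 1.0.1g 7 Apr 2014",
    "OpenSSL 0.9.8y 5 Feb 2013",
    "LibreSSL 2.0.0",
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{banner!r}: in affected range = {in_affected_range(banner)}")
```

A match is a reason to look closer, not a final verdict: Linux distributions often ship a fixed package under an unchanged version letter, so check the package changelog as well.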

Whether you were affected or not, you should change your password frequently — this seems to be the cure-all for all the security breaches.

Question:  How do you feel about all this?  Are you confused, scared, or do you shrug your shoulders and say, “Meh!”?

As always, leave me a comment below and subscribe to the news and updates if you have not already done so. http://askjuan.net/newsletter
