Posts Tagged ‘Heartbleed’

Computer CPR: How to respond to the Internet’s Heartbleed security hole

April 12, 2014

By Matthew E. Milliken
April 12, 2014

The other day, I spent about an hour updating several of my Internet passwords. The spur for this, in case you didn’t know — and if you didn’t, you really should — is Heartbleed, the gaping flaw in World Wide Web security protocols that may have given snoopers access to supposedly secure passwords and other information over the last two years.

It’s not yet been determined whether anyone actually exploited the vulnerability in the OpenSSL code, which perhaps half a million websites used. (Another article estimates that this code is used on perhaps two-thirds of Internet servers. SSL, by the way, stands for secure sockets layer.) Samantha Murphy Kelly reported Wednesday that there’s no indication that hackers were aware of the bug before it was announced at the beginning of the week, and on Friday, the National Security Agency denied that it had either known about or used the flaw.

Still, in the wake of these revelations, Internet users have been advised to change their passwords. There are a couple of wrinkles, however. One is that if a site you use has been compromised, a password change won’t make a web account more secure unless that website has patched the vulnerability.

There are workarounds, of course. On Thursday, Mashable compiled a table listing popular sites and whether or not a password change was advisable. Also, Internet denizens can go here and enter specific web addresses to see if those pages have been affected.

Read the rest of this entry »

%d bloggers like this: