Heartbleed – a nasty piece of work.

Heartbleed – a nasty piece of work.

Good morning, everyone,

Most of you have probably heard the news over the last few days, about the Heartbleed bug. This is not a virus, has nothing to do with what platform or operating system your computer runs, what browswer you use. Unfortunately this is much bigger than any of those factors. This affects the world’s servers, specifically those that run a version of SSL that contains a programming error. SSL is used on websites, for instance, that require you to login, and then display a lock in the address bar. This means that the site is supposed to be secure for your passwords, credit cards and other similar types of transactions. It also runs on email servers. Websites that don’t use SSL (don’t have the lock icon in the address bar) are not a problem.

Thus far there is no evidence that anything was compromised. Unfortunately that’s not much comfort because a compromise would likely not leave a footprint. Most big companies, like Apple, Microsoft, Google, Amazon either were not affected at all, or jumped right in and updated their version of the offending SSL software, but some big web presences are not talking about whether they’re affected or what they’ve done to fix their end of the problem. The story continues to develop.

This part is clear, eventually people who do business on the web will have to change passwords with companies with whom they do that business. The new passwords will have to be secure passwords and will need to be different from site to site. Yes. I know. What a freekin’ nuisance. There are some things you can do to mitigate the nuisance value.

So I am going to be compiling a list of recommendations in the next day or so for steps to take and what to do. There’s not much that one can do right now. Believe it or not, very serious people are suggesting just staying off the internet as much as possible, or at least not doing secure business until this situation starts to shake itself out. Depending on your email account, email may be compromised too. I am understanding that gmail has been secured. If you’re going to use it you must change your password (at gmail.com). One thing you could do is to start to make a list of companies with whom you do business on the web. That should keep you busy for a while.

I can assure you that just using your computer is not a problem. Visiting websites that don’t require a login is probably okay too.

I will get back to you later about specific things you can do.

Keep visiting this site for more info (and yes, I am taking a risk, but you won’t be taking a risk because there’s no SSL running on my site).

Leave a reply