Making Some Sense of Heartbleed

If you’re like me, you’ve probably seen articles about Heartbleed in every newsletter you read as well as on Twitter and Facebook, Friends are asking “why is everyone changing passwords?” and so forth.

Now that the hysteria in the media has settled down,I’ve put together a list of articles that will help you understand the issues and what to do. I’ve also included a short summary of each, in case you can only read one or two now, and want to read the others later. By the way, I left the full URLs here so you could be sure I wasn’t sending you to a site designed to exploit the bug or something.

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
This is an oft-referenced article about what passwords to change and what can wait. There are some great tables in here. It has other useful info, too, but really, it is a good reference for where things are.

http://filippo.io/Heartbleed/
This is a tester to see whether or not a given site has been updated to protect itself against Heartbleed. Some sites can’t be easily tested, and it lets you know why. It’s pretty simple: enter a URL and it will do a quick test to see if the bug has been patched.

http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
This is a good article about the bug itself. It links to an article with even more information, good read if you want to know why you’re changing passwords.

http://www.cnet.com/news/how-to-protect-yourself-from-the-heartbleed-bug/
This artcle is, as the title implies, how to protect yourself. It also deals with checking to see if any of your accounts have been compromised and so on.

http://gizmodo.com/the-heartbleed-vulnerable-passwords-you-need-to-change-1561817244
This gizmodo article is a good summary of what you need to do now. It is concise and specific.

http://online.wsj.com/news/articles/SB10001424052702303873604579493963847851346?mg=reno64-wsj&url=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB10001424052702303873604579493963847851346.html
It turns out that some routers also used the OpenSSL library with the Heartbleed bug. I suspect people are still looking for other places that use it.

Finally, if you are a developer and want to use a library other than the popular OpenSSL that had the bug, InfoWorld offers four alternatives: http://www.infoworld.com/t/encryption/after-heartbleed-4-openssl-alternatives-work-240304

To your safe computing,
John McDermott

Type to search blog.learningtree.com

Do you mean "" ?

Sorry, no results were found for your query.

Please check your spelling and try your search again.