Friday, April 11, 2014

"Heartbleed" SSL bug, what should you do?

It seems like everyone (online and offline) is talking about the "Heartbleed" SSL bug.  To over simplify how it works, a malicious user or program can make a call to a remote server and request information from it's memory which can include information such as encrypted versions of a username and password.

The following XKCD comic does a great job in making this bug more understandable for those that might not understand the technical underpinnings of SSL.

If you want to know what to do, there are a few things you should know.  First of all this bug only effects Linux servers using an older version of an open source SSL implementation.  So not all web sites are effected, because its not a problem with the SSL technology.

Second, most of the large popular sites that were effected by it should have patched their servers by now. Some sites have already send out notifications to users to change their password.

If you're worried about a specific web site/account, go ahead and change it just to be on the safe side.  When dealing with the Internet it never hurts to be too careful.

No comments:

Post a Comment