Have you heard of the Heartbleed bug that has threatened internet security? I read a couple of articles about it, trying to figure out what to do. One article said change your passwords immediately, others said don’t change your password if the site in question is still using the faulty software. So I’m grateful for these articles by mashable.com and CNET — they gave me the information I needed. I’m now off to change some passwords, starting with Facebook!
April 12, 2014
I did not know that you were on facebook! See, that is how these things work. Now all your readers will want to make you their facebood friend!
I’m afraid I never post on Facebook and use it only occasionally to find out what some friends/acquaintances have been doing. But I did change my password and it’s the knowledge I would appreciate hearing.
I don’t know whether I should do anything about this particular scare or not. There are so many scares that turn out to be nonsense, and of course the experts all give contradictory advice about what to do. I think immediately of the non-existent millenium bug….
That’s why I was happy to find the Mashable article. It told me what I needed to know.
“If it ain’t broke, don’t fix it.” Wait & see.
YAYAYYYYYY!!! bhb is BAAACCCCKKK !!!!
and with my words exactly.
i ain’t fixin’ nothin’.
not til i have to! LOLOL. then…
we all know.
you’ll have to hear me whine and moan and complain that it’s broke! LOL.
Yes, yay, bikehikebabe! It’s good to see you again!
And tammy, your “don’t do anything and complain later if need be” works just fine too. 🙂
Welcome back BHB. Hope that’s an indication that you are doing and feeling much better… 🙂
I agree with Nick. This seems to be a serious flaw in OpenSSL security, but one that is not that easy to exploit.
A New York Times article says, “…a group of security experts at CloudFlare, the Silicon Valley Internet firm, said that in tests this week, they were not able to extract any private key data from a vulnerable server using the Heartbleed bug.”
and
“Note that is not the same as saying it is impossible to use Heartbleed to get private keys,” Nick Sullivan, a security engineer at CloudFlare, wrote in a company report. “However, if it is possible, it is at minimum very hard.”
That’s the impression I got too. Hackers could only retrieve a small amount of information at time, and you had to be transmitting at just the right time to be vulnerable. But I can understand why it shook people up. They want their sites to be safe — it’s an important selling point. And the bug was there for two years before it was discovered. What else is hiding in the shadows?
The main worry when it was announced was that hordes of hackers would pounce before the code was fixed.
I have changed a few passwords too, and then I read that it would be more efficient to wait until “they” fix the bug… In any case, it’s probably a good prompt for people like me who are lazy about regularly changing their passwords.
Some people say change your passwords every 90 days. I don’t do it nearly that much. I might if you weren’t supposed to use different passwords for every account. I use essentially the same one for accounts I don’t care about, but more complicated ones for the sites that could cause problems. Some advice just isn’t realistic.