Printable Version of Topic

Click here to view this topic in its original format

Mosaic Musings...interactive poetry reviews _ General Site Information -> Scribe's Stylus _ "Heartbleed" bug and Secure Websites

Posted by: Imhotep Apr 9 14, 15:23

Hi all.

There's a nasty vulnerability running around out there right now. The specific bug has been named "heartbleed" (don't ask me....) but it affects a vast number of secure servers on the Internet (you might have heard about Yahoo). Specifics can be found here: http://www.businessinsider.com/heartbleed-bug-explainer-2014-4 but suffice it to say, it's not pretty.

I've updated the sections of my servers that use SSL (email, secure remote access and stuff) but the overall concern is really for sites that have personal data, online banking, online shopping and things that expose information that can be used to get into your other accounts, or be used to fraud your credit cards for unauthorized purchases.

Most websites are running around and doing the necessary patches (it takes about an hour to fix everything up) but if you use a site that was known as vulnerable, it's highly recommended to avoid those sites until they've addressed the issue and once the sites you do use have completed their security work to change your passwords. Changing passwords before the site has been fixed (if you must use it before the problem is addressed) isn't recommended, kind of a "well it could be captured with the bug and I'll just have to change it again in a day or two.." thing. Changing passwords every month or two is good practice anyway.

This only affects sites that have personal data, have the "secure" lock in the page, and are running versions of software that haven't been patched.

Nothing that affects our group right here directly, but something I thought you should know about so you can take the appropriate precautions.

Safe surfing!
I

Posted by: Cleo_Serapis Apr 10 14, 07:02

Sheesh Peter! I heard a little about this one yesterday. borg.gif

Thanks for the scoop! I will post this on our FB page too as an FYI.

Cheers,
L

Powered by Invision Power Board (http://www.invisionboard.com)
© Invision Power Services (http://www.invisionpower.com)