Being cautious about Heartbleed

If you haven’t heard, Heartbleed, aka CVE-2014-0160, is a vulnerability in OpenSSL – a cryptographic library which is used to secure a bunch of internet services via SSL/TLS. When you see the green https at the left hand side of your browser’s address bar, there’s a good chance that OpenSSL is behind the scenes, silently encrypting your data before sending it to you.

If you’re curious about how Heartbleed works, check out this excellent comic from XKCD.

Unfortunately (or fortunately, depending on your point of view), some boffins have discovered that OpenSSL has a bad habit of allowing anyone on the Internet to probe the server and retrieve the contents of its memory. This memory could contain anything, but the biggest thing we’re concerned with is our own data, specifically usernames and plain text passwords.

Most companies have patched their OpenSSL by now, but it’s better to be safe than sorry. You can use the Heartbleed Test to see whether a site you’re interested in has updated.

And what should you do? Change your Passwords. Actually, you should take this opportunity to set them so they’re different on all your services, because having the same password on everything isn’t a good idea.

If you need help keeping track of all your passwords, have a look at KeePass – it’s an app which keeps your passwords in an encrypted file which you can store on a local disk or in the cloud – Dropbox or OneDrive, for example. Once you enter the master password you can retrieve your passwords and use them wherever you need to. There are Windows, Windows store, Mac and Linux versions of the app so you won’t be out in the cold. There’s even a Firefox plugin for it.




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s