The past week has been one of Heartbleed coverage. I read all the stuff saying to change passwords, etc., but I was thinking: what is it?
It's a vulnerability in OpenSSL, specifically version 1.0.1; any site with a version before this (such as Last.fm) isn't affected. OpenSSL is an implementation of the SSL protocol, which is used to secure communications on the internet. Thus, it doesn't matter what device or browser you are using to interact or connect with sites. Simply, ANY data transmitted is at risk of compromise and can be read by anyone with access to the data. This includes both servers on the net and also Ubuntu and other Linux distributions which use the protocol. For more details check out http://heartbleed.com/; they know it, and say it, better than I do!
How is it fixed? A patch has been available since the problem was found, and most sites have updated, as has Linux Mint (I checked my machine's updates). Check here for a list of sites which are, were or may be affected: http://www.cnet.com/uk/how-to/which-sites-have-patched-the-heartbleed-bug/
The user is highly advised to change passwords, etc., as these could have been read from within the encrypted data. However, the first responses that I saw were headlines of "change passwords now!" Don't. Check the above list and then, and only then, change your passwords, once the website has carried out the fix. From what I have read, it isn't a good idea to do it before, as the new password will still be able to be read. Do it after!
This is what I have come up with, but what I don't understand is this: why is something so important only maintained and developed by a few volunteers and, from what I understand, has under £2000 a year in donations?
This whole thing has made me think of password security, web security, etc. Maybe it's time for improvement.
If I am wrong on any of the above, please comment and I will make adjustments to correct the mistakes.