The Tech Deck

Heartbleed: OpenSSL Vulnerability that affects EVERYONE

Hey everyone, this is really important: Avoid the internet for a while and change all your passwords to everything. This is not a joke. They discovered a bug in OpenSSL, which powers like 2/3 of the internet. It's really, really really bad.

If you are using the same password for most sites you visit, it is urgent that you change at least your banking and email accounts and any other high risk/high security websites you may use.

They've already confirmed that Yahoo is/was vulnerable along with a huge chunk of websites on the internet. Most of the major websites have already updated their software, but if they were compromised prior to that your, data and passwords still need to be changed.

To see if your website or a website you use is vulnerable, run the url against this Heartbleed test: http://filippo.io/Heartbleed/

I'll keep you posted on the status of the Spokesman-Review's websites.

UPDATE:

I confirmed with our tech support team that none of the Spokesman-Review's websites (spokesman.com, nwprepsnow.com, etc) were vulnerable to this particular bug because we were using a different version of OpenSSL. If you have any questions regarding the security of any of our sites, please email webteam@spokeman.com and we'll be happy to chat.

For more information, check out some of the following links:

Technical details:

http://heartbleed.com/

http://news.netcraft.com/archives/2014/04/08/half-a-million-widely-trusted-websites-vulnerable-to-heartbleed-bug.html

http://krebsonsecurity.com/2014/04/heartbleed-bug-exposes-passwords-web-site-encryption-keys/

News:

http://www.bbc.com/news/technology-26935905

http://www.forbes.com/sites/jameslyne/2014/04/08/heartbeat-heartbleed-bug-breaks-worldwide-internet-security-again-and-yahoo/

http://www.cnet.com/news/heartbleed-bug-undoes-web-encryption-reveals-user-passwords/

http://www.pcworld.com/article/2140920/heartbleed-bug-in-openssl-puts-encrypted-communications-at-risk.html

Updates from popular sites:

https://blog.heroku.com/archives/2014/4/8/openssl_heartbleed_security_update

http://blog.lastpass.com/2014/04/lastpass-and-heartbleed-bug.html




You must be logged in to post comments. Please log in here or click the comment box below for options.

comments powered by Disqus
« Back to The Tech Deck
Daniel Gayle
Dan Gayle is an online developer for The Spokesman-Review who blogs occasionally on the Tech-Deck when not busy breaking the rest of the site.

Follow Dan online:






Close

Sections


Profile

Close

Contact the Spokesman

Main switchboard:
(509) 459-5000
(800) 338-8801
Newsroom:
(509) 459-5400
(800) 789-0029
Customer service:
(800) 338-8801