There isn't much the individual user can do at this point (evidenced by NPR's excellent but irrelevant advice at the end of the article). The servers need to be updated and certificates need to be recreated, which is the responsibility of the admins at various companies. I haven't received any e-mails from websites telling me to change my password, which I find absolutely amazing. I don't think the scope of the potential leaks has really been understood by the companies yet. This really highlights that more resources need to be put into critical open source projects. Bugs are very difficult to find though, in any complex software. I'm not really sure how these sorts of things can be 100% prevented in the future. Open source is still the best bet for catching them though. Maybe we need more testing and review teams to comb through the source?
People should change their passwords on all the sites they use. 2/3 of the Internet is affected, so do not wait for the warning e-mails from the services you use. They may never arrive. Just go and do it. Remember, focus first on what is most important for you, like bank accounts, e-mails and notebook-sites alike. The chances of you, as an individual, being affected are low, but why risk it?
True - also remember that if you used the same password in a few places, you need to change all of them. That means if you used password 123456 on a random forum 4 years ago, and also use 123456 as your password for banking, you're still potentially screwed. I'm waiting a couple more days and redoing them all. I just did this 3 months ago. What a pain in the ass.
I have a metric ArseTon (SI Units) of pass phrases for a bastardardy of sites collected in the last few years. Like kleinbl00 I run my own mailserver alongside Google hosted stuff and at last count I have upwards of 400 separate email addresses for 400 separate sites/services. This could be the moment to bite the bullet and move as much as I can over to 2-factor auth, at least for the large entities like Google and anything else which will let me.