Heartbleed Bug Vulnerability

I first heard about the Heartbleed bug from Thomas MacEntee’s Geneabloggers’ Facebook posting on April 11th. This is a serious encryption flaw that was in security software that became available in December 2011 (according to Wikipedia). What did/does it do? Names, passwords, and content that went out over the Internet to http sites were easily accessible and not protected. My understanding at this point is that https sites and specially secured sites such as credit card and banking sites were not affected. It was discovered in March of 2014, over two years later.

I read that as early as 2010 Facebook was supposed to give their users an option to use https. I tried to follow the directions on my Facebook account and found nothing. Then I read a 2011 blurb that they were dragging their heels on the upgrade. Looks like they still are, unless I’m missing something. I was almost convinced that I was being overcautious by never using my name on a social networking site. Now I’m glad I don’t. I’ve compiled a list of links that you might want to check out, starting with the one that I got from Thomas MacEntee.

What the Heartbleed Security Bug Means for You from LifeHacker

Heartbleed Disclosure Timeline: Who Knew What and When by Ben Grubb of the Sydney Morning Herald

Heartbleed from Wikipedia

‘Heartbleed’ bug undoes Web encryption, reveals Yahoo passwords from cnet.com

Heartbleed bug: Check which sites have been patched from cnet
We compiled a list of the top 100 sites across the Web, and checked to see if the Heartbleed bug was patched.

Heartbleed bug: What you need to know (FAQ) from cnet
The security vulnerability has implications for users across the Web. Here’s what the bug means for you.

Akamai Heartbleed patch not a fix after all from cnet
The Web infrastructure company’s patch was supposed to have handled the problem. Turns out it protects only three of six critical encryption values.

vea/15 April 2014
Newton Free Library
Newton, Mass
Library website:  http://www.newtonfreelibrary.net
