I first heard about the Heartbleed bug from Thomas MacEntee’s Geneabloggers’ FaceBook posting on April 11th. This is a serious encryption flaw that was in security software that became available in December 2011 (according to wikipedia.) What did/does it do? Names, passwords, and content that went out over the Internet to http sites were easily accessible and not protected. My understanding at this point is that https sites and specially secured sites such as credit card and banking sites were not affected. It was discovered in March of 2014, over two years later.
I read that as early as 2010 Facebook was supposed to give their users an option to use https. I tried to follow the directions on my Facebook account and found nothing. Then I read a 2011 blub that they were dragging their heels on the upgrade. Looks like they still are, unless I’m missing something. I was almost convinced that I was being over cautious by never using my name on a social networking site. Now I’m glad I don’t. I’ve compiled a list of links that you might want to check out, starting with the one that I got from Thomas MacEntee.
What the Heartbleed Security Bug Means for You from LifeHacker
Heartbleed Disclosure Timeline: Who Knew What and When by Ben Grubb of the Sydney Morning Herald
Heartbleed from Wikipedia
Heartbleed bug: Check which sites have been patched from cnet We compiled a list of the top 100 sites across the Web, and checked to see if the Heartbleed bug was patched.
Heartbleed bug: What you need to know (FAQ)from cnet The security vulnerability has implications for users across the Web. Here’s what the bug means for you.
Akamai Heartbleed patch not a fix after all from cnet The Web infrastructure company’s patch was supposed to have handled the problem. Turns out it protects only three of six critical encryption values.
vea/15 April 2014
Newton Free Library
Library website: http://www.newtonfreelibrary.net