Wednesday, April 9, 2014

Simple questions and answers on Heartbleed

Q: What is "Heartbleed", and why should I care?
A: Well, "Heartbleed" is a computer bug that allows a hacker to beat the OpenSSL encryption your browser uses to create a secure connection. It's similar to the SSL bug on Apple devices we mentioned six weeks ago, except this one affects everybody.

Q: Even me?
A: Everybody.

Q: Ok, so what do I do?
A: Normally I'd say change your passwords to all your sites, but it's not so cut and dried. Most of the big names have fixed their websites, but certain sites like Netflix and Tumblr haven't gotten around to patching the hole yet. And if you went to Netflix now to change your password, you'd still be just as vulnerable.

Q: No, seriously - what do I do?
A: If you use a password service like LastPass (which uses OpenSSL, but also multiple additional encryption layers) you can run their Security Check feature to see which ones are safe to change, and which ones you need to wait on.
Or you can visit the Heartbleed test tool at and enter the name of the website you want to test. If they haven't fixed it yet, DON'T visit that site. Just wait until it shows all clear, then go in and change that password.

-Trenton Higareda