Wednesday, April 9, 2014

Openly Secure

By now you’ve probably heard that the Internet is broken. Specifically, a piece of software called OpenSSL (which stands for the only slightly oxymoronic “open secure socket layer”) is not so secure.

A flaw discovered last week allows hackers to access your private information … passwords, emails, even your most intimate cat pictures.

And not just the NSA.

In fact, once the existence of the flaw, with the cheerful nickname Heartbleed, was revealed, software developers hastened to demonstrate their expertise by publishing detailed instructions for exploiting this weakness.

Users are advised to change their passwords immediately. Make sure your passwords are at least 8 characters long, and that they include upper- and lower-case letters, digits and punctuation marks. Just don’t use “Sc00by-d00”. That’s mine.


Josh Goldman said...

I think that the actual recommendation is "Make sure you change your password after the web site you are using has patched their open SSL." Now, how do you tell when the not-so-secure web site has made the patch? Not so clear.

Peter Davis said...

I think you have to keep trying the exploit until it no longer works. Then you know the server has been updated.