Friday, April 11, 2014

Major internet security bug explained: OpenSSL Heartbleed #vmvwiki

The cryptography expert Bruce Schneier, who has been writing about computer security for more than fifteen years, is not given to panic or hyperbole. So when he writes, of the “catastrophic bug” known as Heartbleed, “On the scale of 1 to 10, this is an 11,” it’s safe to conclude that the Internet has a serious problem. The bug, which was announced on Tuesday—complete with an explanatory Web site and a bleeding-heart logo—is a vulnerability in a widely used piece of encryption software called OpenSSL.

http://www.newyorker.com/online/blogs/elements/2014/04/the-internets-telltale-heartbleed.html?utm_source=dlvr.it&utm_medium=twitter&mobify=0

Additional resources:

Mashable is compiling a list of key sites affected and whether they
have fixed it yet - once they have, you should change the password.  

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

Huge list of vulnerable sites here:
https://github.com/musalbas/heartbleed-masstest/blob/master/top10000.txt

(Thanks Kim H-H)

No comments:

Post a Comment