Exploring Information Security

View Original

OpenSSL Heartbleed Links April 10, 2014

This is really serious stuff people. If you haven't been paying attention to the Heartbleed bug news, now is the time. Below are some links to get you started.

Everything you need to know about the Heartbleed Bug - Timothy B. Lee - Vox

Pretty good description and intuitive layout to get to know everything about the Heartbleed Bug.

Heartbleed - Codenomicon

This site is kind of, sort of, the official site of the Heartbleed bug. It was up very quickly and gives a lot of detail on the latest vulnerability to rock the internet.

Heartbleed Bug: What Can You Do? - Brian Krebs - Krebs On Security

If you're wondering what you should be doing in regards to this vulnerability, Brian lays it out clearly in this post. Get ready to reset a lot of passwords.

The Heartbleed Hit List: The Passwords You Need to Change - Mashable

Okay so the full title is "The Passwords You Need to Change Right Now," which is being a little melodramatic (it's a ratings based site, they're looking for the clicks). Before you go running to change passwords make sure the websites that have been vulnerable have fixed the vulnerability. There is no sense in changing a password if they're still vulnerable because your new password would be immediately vulnerable. If a site offers two-factor authentication, turn it on (Google has it). To check websites there are a number of sites (and Chrome addons) you can use. Here are the ones I've used:

Heartbleed test

SSL Server Test - Qualys

 

 

 

 This post first appeared on Exploring Information Security.