Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

The Heartburn of Heartbleed: What You Need to Know – and Do

April 14, 2014

Heartbleed is bad, but very confusing to most people. As simply as I can put it, it is a bug in OpenSSL, the software library that many server operating systems use to provide Secure Sockets Layer (SSL) functionality.

How many sites are affected? Worst-case estimates say that about 2/3 of Internet sites were impacted.

So what does that mean to you? First, do not panic. This bug is not as easy to exploit as some have made out. Still, caution is necessary. Next, find out whether the sites you use are impacted. Google, Facebook and Yahoo were all impacted and have fixed their systems.

That's the critical part: There is no point in changing your password until the systems are fixed – and then, yes, it is time to change your password. CNET has a good list of the top 100 sites, which you can check to see whether a particular site is patched. Mashable has another list. If you want to learn more, PC World also has a site putting Heartbleed in context, and there are FAQs on a New York Times blog.

Because Heartbleed theoretically allows the theft of certificate keys, SSL certificates may have to be regenerated or rekeyed – not to worry, providers will do that. Your part is checking which of the sites you use are affected and changing your password once the vulnerability has been eliminated.

The Heartbleed flaw has been around for at least two years – it was a simple coding error that never got picked up. But boy, has it caused a mess. And how could we have a mess this big without the NSA? Bloomberg reported that at least two sources familiar with the matter said that the NSA had been aware of the bug for at least two years and used it to gather critical information.

Unsurprisingly, the NSA denied the report. Equally unsurprisingly, many people doubted the NSA denial, particularly since there seems to be little question that the NSA is aware of many bugs and has used them to collect intelligence. "Informed sources allege and the NSA denies" is bound to be a recurring theme in our future.

E-mail:    Phone: 703-359-0700

http://www.senseient.com

http://twitter.com/sharonnelsonesq