The Heartbleed bug


A bug in some security software has potentially compromised Internet security.

Many news reports urge you to change your passwords immediately, but that is not the full story.  Changing a password for a Web site is of limited use until the bug, if it was ever present on that site, has been fixed there.

Here’s a useful facility to test whether a Web site is (still) vulnerable.

There is also a possibility that a site’s security certificate has been compromised and that private keys have been discovered.  This is potentially very bad news and some organisations will probably revoke certificates and issue new ones.  However, some Web browsers, particularly Google Chrome, do not check for certificate revocation by default.  See a report on this here.

Good information about this bug may be found on the following Web sites:

heartbleed.com

http://www.troyhunt.com/2014/04/everything-you-need-to-know-about.html

This also serves as a valuable reminder to treat your passwords with respect – the only secure password is the one you can’t remember.  We must always assume that passwords will eventually be compromised, and that they must be both strong and unique, which means that, if they can easily be memorised, they’re probably not too good.

And, of course, they should be changed regularly.

Author: StLukesRA

St Luke's Residents' Association
