December 18, 2017

Archives for April 2014

Heartbleed and passwords: don't panic

The Heartbleed bug has captured public attention this week like few security vulnerabilities before it. This is a good thing, as indeed this is a catastrophic flaw. Many people have focused on its impact on passwords with headlines like “Security Flaw Exposes Millions Of Passwords” and “Change these passwords right now.” Heartbleed certainly¬†could¬†have been used to steal millions of passwords. However, while Heartbleed gives the security community plenty of new problems to worry about, it doesn’t introduce any problems for passwords that haven’t existed for a long time and I’d discourage widespread panic about passwords. [Read more…]

Heartsick about Heartbleed

Ed Felten provides good advice on this blog about what to do in the wake of Heartbleed, and I’ve read some good technical discussions of the technical problem (see this for a particularly understandable explanation).

Update Apr 11: To understand what Heartbleed is all about, see XKCD. Best. Explanation. Ever.

In this brief posting, I want to look at a different angle – what’s the scope of the vulnerability? [Read more…]

How to protect yourself from Heartbleed

The Heartbleed vulnerability is one of the worst Internet security problems we have seen. I’ll be writing more about what we can learn from Heartbleed and the response to it.

For now, here is a quick checklist of what you can do to protect yourself.
[Read more…]