This page has moved to a new address.

Heartbleed Info

Thursday, April 17, 2014

Heartbleed Info

Because I have failed my duties as a blogger who not only aims to philosophical and religious discussions, but also posts about internet security and data privacy by not writing anything formal about the massive "Heartbleed" exploit in the openSSL protocol, I will provide the following videos if anyone is still interested.

So while it is too late for me to write a dedicated post (given the sheer number that exist), there are a few videos that are important for the layperson to see if they want to understand what "Heartbleed" actually is.

The first is a video from Elastica Inc. explaining the "Heartbeat" program in openSSL:

The next is a video by Lynda indicating what companies are doing to fix the exploit as well as what you should once a company has fixed the exploit (you can check to see if a company has fixed the exploit using this handy tool by LastPass):

Additionally, if sites offer it, you should enable two-step verification and you can read how to do that here.

And finally, a wise thing to do is to utilize a password manager (I explain them indepth here) and change them if needed. For instructions on how to use a password manager efficiently, please see my explanation here.

Labels: , , , , , , , , , ,


At April 18, 2014 at 3:25 PM , Blogger Stephen Kawamoto said...

Great video.

Now can you exploit Heartland in 140 characters or less?

At April 18, 2014 at 3:26 PM , Blogger Stephen Kawamoto said...

My bad, Heart Bleed.

At April 18, 2014 at 9:45 PM , Blogger Peter said...

Do you mean "explain" as opposed to "exploit"? Because I don't know how to exploit the security of secure protocols nor would I want to contribute to the effort to undermine the security of encryption.

If you mean explain, I can! "Heartbleed is an exploit in the protocol used to encrypt traffic online. The exploit can give an attacker access to sensitive information."


Post a Comment

Subscribe to Post Comments [Atom]

<< Home