The Internet's Bleeding Heart

Unfortunately, it's not the good/just annoying kind of bleeding heart.

If you run servers, or sit next to people who run servers, or read blogs written by or for people who run servers, you may have noticed that everyone is freaking the fuck out today.

Why? Because a vulnerability was discovered in OpenSSL, which is a software library that is used to secure communications on, like, practically every server in the world.

Some security people are saying that this bug—which is being called Heartbleed since it affects the "heartbeat" extension of OpenSSL—is one of the worst security bugs discovered in commonly-used software EVER. And the worst part is that there's really no way to know if your systems have been compromised. You can tell if they're vulnerable, but the exploit leaves no trace. Fun!

What does this mean for you? Well, it means that there's a chance that your information has been compromised, but you have no way to know, and neither does the service that may have been compromised.

So it's a good day to change all your passwords, and while you're at it, stop using the same one everywhere. But you weren't doing that, right?

Anyway, if you're so inclined you can read more about it at these fine links:
Heartbleed
Ars Technica
NYT
Techcrunch
What should site operators do about Heartbleed?

Tags: Blogs Tech Teh Internets Nerd

The Stranger depends on your continuing support to provide articles like this one. In return, we pledge our ongoing commitment to truthful, progressive journalism and serving our community. So if you’re able, please consider a small recurring contribution. Thank you—you are appreciated!

CONTRIBUTE NOW