As you all start hearing about heartbleed and all of the BAD computer stuff its doing...some recommendations (from Karen Walker) 1. You will need to change all your passwords. 2. You should *only* change your passwords after verifying the site has been fixed. Use filippo.io/Heartbleed/ to check. For banks and such, theyll probably also tell you when theyre secured. 3. Please, please take this opportunity to get started with a password manager like 1Password or Lastpass. Long version: The heartbleed vulnerability is real, and a bug in one of the lowest levels of security across the internet. Around 70% of the secure web is compromised, and has been for about two years. In that time, assume that everything youve done is potentially compromised. (This is why changing all your passwords matters.) This ones a complete worst-case scenario for internet security, and a lot of questions are going to be asked on how this got missed. However, the good news is that the system does also work. The vulnerability has been fixed, and now, all we have to do is change all the locks. Conceptually, its as if someones had a spare key to all the websites for years. Web professionals (like me) are working frantically to update our servers, and change the locks. Ive done four sites tonight. If you know anyone working in Internet, give them a hug at some point in the next week. Also, on behalf of all of us, a) were more terrified/freaking out than you are, and b) were sorry. You trust us, and we missed this one. Well get it fixed. As for my final point, password managers are awesome. They let you have one ultra-secure password you remember, and then random, unique crap like 12p9jozo38a$13^jfi as passwords for all your sites. This is Really Really good. Sites get hacked all the time, and will continue to throughout your life. Password managers isolate you from this - site gets hacked, you generate a new password for it, change just that one, and youre done. The hardest part for people in moving to a password manager is the pain-in-the-ass of changing *all* your passwords, *everywhere*. That sucks. However, good news! Youre going to have to change all your passwords anyway in the coming weeks. Take this opportunity to make this a win for you, your mental health (no more did I reverse the last two letters? Add a 1?), and your security. Thank you for reading. You are now properly informed. Please ignore the half-baked screams from the media now, and continue on your day. After you get a password manager.
Posted on: Wed, 09 Apr 2014 21:22:57 +0000
Trending Topics
Recently Viewed Topics
© 2015