Heartbleed Security Hole In OpenSSL

An attempt … to quench some heartburn over the Heartbleed security hole.  Digest this opinion before you rush in a panic to comply with mainstream news suggestions.

Take a breath.  Evaluate before you over-react.

First, can we all just take a breath? News agencies like MSNBC and FOX thrive on viewers.  Viewers respond to two basic kinds of content:

  • Threats, Disaster and Rumor
  • Salaciousness

The news carried to the masses recently on Heartbleed has conformed to the first point.

Short of consuming the technical details discussed in various forums, you won’t be able to comprehend some of the whys and wherefores.  But it raises the question — whose advice are you trusting where your personal tech and office tech are concerned?

Some facts that are important to understand:

  • The security hole generating panic is more than two years old
  • It affects a certain swath of web servers (Amazon is an example)
  • It’s quite likely your accounts are under observation by at least a few other means

Some advice:

  1. Don’t rush out to change passwords everywhere.   Change the ones at your bank, after checking with them first.  If they send you an email, follow the instructions ASAP.
  2. Do subscribe to a password management tool.  I like to keep mine in the “Cloud.”  I use both Apple iCloud (personal items) and this one: http://passpack.com for professional purposes.
  3. Always try to improve your “Password Hygiene” – change your passwords regularly and use complex phrases. Avoid personally identifiable characteristics (like pet names).
  4. Begin to deploy multi-factor authentication.  Google offers this, as do many others. There is a range of options; learn about the basics courtesy of Amazon: http://aws.amazon.com/iam/details/mfa/
  5. Use the internet like you’re aboard the Washington State Ferry commuting from Seattle to Bainbridge Island.  Assume that everything you talk about is overheard.  Assume that every connection you use is monitored.

Unfortunately, sometimes we should just wait and see.  Nerve wracking. Certainly.

The effort you expend in a panic to change everything right now might be wasted, either because it’s actually unneeded or because you’ll be asked to do it again soon.

 

 

 
