News about the heartbleed bug spread rapidly--although, as is often the case, no such news can ever come soon enough. Nothing quite addressed my early questions about the Heartbleed bug like Randall Monroe's most recent comic in XKCD:
naturally, an understanding of the nature of Heartbleed only paved the
way for more, increasingly frantic, questions. As a non-health care,
minimal-impact internet user, I was concerned. Does this truly affect me? In what way(s)? Is my phone safe? (What do you mean, “No?”) What can I do to protect against a problem like Heartbleed?
Fortunately for users like me, the author of the heartbleed bug test site, 19-year-old Filippo Valsorda, conducted an AMA on Reddit Tuesday evening.
In his comments, Valsorda provides three quick tips to the average
internet user concerned with defending her/himself from Heartbleed:
Install the Chromebleed or Foxbleed browser extension and do not log into the sites that trigger an alert.
hard about all the important accounts you have, and change the
passwords there (always a good thing). REMINDER: using different
passwords is more important than using complex ones, write them down on
paper if you need!
Wait for statements by the affected websites about what might have been leaked.
terms of external threats to your safety, it seems that most of the
sites and systems affected have worked quickly to curtail any further
problems. Dan O’Shea, Managing Editor at LightReading, notes that “Cisco
Systems and Juniper Networks are among the latest technology companies
working to address potential problems related to the Heartbleed OpenSSL
bug.” And this list,
compiled by a team at Mashable, examines the popular sites that were
affected and provides updates on their statuses with regard to the bug.
It is with great relief that I inform you that because the
YourMembership.com platform doesn’t utilize OpenSSL, users of the YM
platform (which include OSHEAN) were not impacted by Heartbleed.
So what’s on the horizon, and how can the next Heartbleed be prevented? Nathanial Mott, contributing writer to PandoDaily, has some interesting thoughts.
Mott proposes that Heartbleed represented a “digital version of the
bystander effect…[t]his is like that, except it threatens the foundation
of online security, and the crowd is so massive that it’s amazing that
anyone even bothered to look for the Heartbleed bug in the first place.”
It won’t be easy, but now come the long-overdue repair efforts, and
hopefully more updates as things progress.