This news has been out for a few days, but it’s pretty technical and I’ve debated the best way to present it to non-technical people. Essentially, a widely used implementation of the protocol that secures connections between computers and websites has a very severe vulnerability that was just recently discovered. Problem is, the vulnerability – a tiny coding error – has been there since 2011 or 2012.
The technical details are below if you’re interested, but what it boils down to is this:
- If you own or administer a website using OpenSSL, make sure your system is patched against the “Heartbleed” vulnerability, then revoke all current SSL certificates and issue new ones.
- All user passwords to secure sites, such as eBay, PayPal, banking sites, etc., should be changed immediately. This means everyone who is reading this post should do this, as inconvenient as it’s going to be. Kathy and I will be reviewing all of our website passwords and implementing changes tonight.