My best effort to use layman's terms while still conveying how serious the issue is. Feel free to copy/paste to a social network to educate your friends, family and stalkers:
You should change your password on all internet services you care about immediately. Not as soon as possible, right now.
Before changing your password on a service, you should make sure that they have applied the fix for the issue. If they have not, wait until they do or, preferably, delete your account/personal information. LastPass has provided a helpful tool that will determine if a website has the problem and will give you a recommendation about what you should do.
A few days ago a severe security issue was identified with one of the most fundamental systems of the Internet; this issue has been present since January 1st 2012. In a nutshell, the green padlock that banks tell you to look out for on their website (HTTPS) has not only been a false guarantee since 2012; it actually exposed your information more than websites without it. The issue has been fixed, but it is the responsibility of the websites to apply that fix to their systems.
At this point it is a reasonable guarantee that a hacker somewhere has your passwords. You may also want to keep a close eye on your credit card if you have used it on the Internet during the past two years. Ordering a new one from your bank would not be overly paranoid.
The issue may also affect internet services other than websites, such as the email account your ISP may provide for you or even Skype.
Technical information about the issue: http://heartbleed.com/
LastPass #Heartbleed checker: https://lastpass.com/heartbleed/