OPINION

Heartbleed causing heartache

Life, James Hein, Published on 23/04/2014

» One of the hottest topics in the computing world over the past two weeks has been a problem with the security of OpenSSL named Heartbleed. The short version is that this popular security layer has had a bug for the last couple of years that allowed people to grab not only information from a computer, but also passwords and decryption keys. The fix is to go to the OpenSSL site download and apply the latest version, anything past 1.0.1f, from here, www.openssl.org/related/binaries.html. If your Android phone is 4.1.x, then download a Heartbleed detector from the Play Store and check your exposure. For the technically minded, the problem is a missing bounds check so that the attacker can grab 64KB of memory. There are code samples on the net if you want more details. I suspect that system administrators have been busy all over the world patching their machines, generating new public and private keys and notifying all users to change their passwords on affected systems. I also suspect that there will be administrators and users who will not take any steps at all, either due to laziness or hubris. There is strong evidence that you should change all your important passwords at places like banks.