For my generation, the tech world is as much a burden as it is a blessing. Now Heartbleed!


For my generation, the tech world is as much a burden as it is a blessing. Now Heartbleed!

Here are some ideas about how protect yourself

ZDNet’s Heartbleed worldwide coverage
Heartbleed’s lesson: Passwords must die
With the multitudes of accounts we have to deal with for email, social networking and other applications that require password authentication, we need a better solution.

Worried about Heartbleed? LastPass’ Security Check has you covered
LastPass has updated its built-in Security Check so that you can now easily see which sites require you to update your passwords to be safe from possible Heartbleed attacks.

How the NSA shot itself in the foot by denying prior knowledge of Heartbleed vulnerability
In admitting it didn’t know about a massive security flaw in one of the Web’s most used encryption libraries, the NSA inadvertently revealed a massive institutional failure.

CloudFlare keys snatched using Heartbleed
CloudFlare’s analysis Friday that Heartbleed may not be able to recover private keys turns out to be wrong. Two candidates recovered the keys from their challenge server.

SANS warns end users against Heartbleed patch panic
While Heartbleed client-side attacks are possible, the SANS Institute warns that home users rushing to patch are more at risk of falling for scams — but change passwords regardless.

Private keys may be inaccessible to Heartbleed
[UPDATED] Research by CloudFlare indicates that Heartbleed can be used to obtain contents of server memory, but not private keys.

Before Heartbleed: Worst vulnerabilities ever?
There have been some pretty bad vulnerabilities before Heartbleed. Is it really any more severe than CodeRed or Blaster?

Android fragmentation turning devices into a toxic hellstew of vulnerabilities
With vulnerabilities such as Heartbleed and Pileup likely to go unpatched on tens, if not hundreds of millions of Android devices, the platform is fast becoming a toxic hellstew that should send chills down the spines of IT admins.

Apple’s iOS, OS X don’t have Heartbleed bug but BBM for iOS and Android do
Apple iOS and OS X devices aren’t affected by the Heartbleed bug, but BlackBerry’s BBM and Secure Work Spaces are — and the company says it lacks a fix for the issue.

Heartbleed’s engineer: It was an ‘accident’
The programmer responsible for code leading to Heartbleed says the flaw was accidental, despite its catastrophic consequences.

Heartbleed soul-search: regulation proposed for critical crypto code
Sophos’ James Lyne delivers an impassioned speech on how we got to the point Heartbleed was possible and why we shouldn’t be surprised it happened.

Lagging Android devices vulnerable to Heartbleed
Lack of patches and upgrade paths for Android is leaving devices vulnerable to Heartbleed exploits, security researchers from the SANS Institute and Sophos have said.

How to protect yourself in Heartbleed’s aftershocks
The companies know what to do about Heartbleed now. Here’s what you, as an individual, need to do now.

Cisco, Juniper products affected by Heartbleed
[UPDATE] Many networking products, including hardware, also run OpenSSL, the critical software component with a severe information disclosure vulnerability.