Congratulations, you’ve reached your one millionth post about Heartbleed. Or maybe this is the first one you’re finally reading. Either way, if you’re looking for a quick breakdown of what Heartbleed is, what to do and how it affects SF State students, you’ve come to the right place.
So what is Heartbleed? It’s a bug in encryption software called OpenSSL. It lets an attacker send malicious “heartbeat” messages over and over to a server, tricking it into giving back data that contains users’ information, including passwords, account information like credit cards, and secret keys.
What’s OpenSSL and why do I care? SSL stands for Secure Sockets Layer, and OpenSSL is used widely to allow computers to communicate within that security standard.
Want to understand the bug and OpenSSL better? Check out Vox’s long-form story on Heartbleed.
Why is it called Heartbleed? Because of its “heartbeat” attacks, which cause servers to “bleed” information on an ongoing basis. Heartbeat + bleed = Heartbleed.
How does this affect me? Change your passwords. No, I’m not playing around about that: change your passwords because Heartbleed probably already stole them. And when hackers get their hands on that information, you’re going to want it to be invalid.
Mashable reports that Facebook, Instagram, Google, Gmail, YouTube, Yahoo, Yahoo Mail, Flickr, Tumblr, Pinterest, Amazon Web Services, Etsy, GoDaddy, Netflix, Minecraft, SoundCloud, Box, Dropbox, GitHub, IFTTT, OkCupid, Wikipedia, Wunderlist, and USAA all had their servers affected, and passwords for those sites need to be changed.
Sites that are unclear: Twitter and WordPress.
What about SF State? According to an email from Information Security Officer K. Mig Hoffman, SF State’s servers were not affected. But if you send your SFSU email to your Gmail, Yahoo Mail, etc., then SF State recommends you change your SFSU password.
Wait, is the problem even fixed? Apparently, servers have been patched…but not really. Fixing Heartbleed turns out to be pretty complicated, according to Bloomberg. But big sites like Facebook and Google have supposedly fixed it; it’s the smaller groups and servers that are still struggling.