SoylentNews is people

posted by janrinok on Thursday April 10 2014, @09:45PM
from the security-is-important dept.

After reporting the problems with OpenSSL, which has been nicknamed 'HeartBleed', two contributors have forwarded articles on why you should change your passwords.

Heartbleed, and why you should change your password

I always believed Mojang would keep my details safe; now I realise they are not in control of their own data. Mojang/Minecraft passwords should be changed immediately.

Heartbleed Bug: Change All Your Passwords

The fallout from the Heartbleed bug is hitting the mainstream. The BBC has an article headlined "Public urged to reset all passwords".

Bruce Schneier calls it "catastrophic", giving this advice to sysadmins: "After you patch your systems, you have to get a new public/private key pair, update your SSL certificate, and then change every password that could potentially be affected." He also links to a webpage that will let you test servers for the bug, and an article on Ars Technica discussing the bug.

 
  • (Score: 2) by demonlapin (925) on Friday April 11 2014, @02:28AM (#29814)
    So, for someone who is technically reasonably savvy but isn't a programmer, would you mind explaining why OpenSSL doesn't just use a standard malloc(), and why this opened the vulnerability (or pointing the way toward such a discussion)?
  • (Score: 4, Informative) by NCommander (2) on Friday April 11 2014, @04:54AM (#29869)

    This was done in the name of performance, as some platforms apparently have very slow malloc()/free() functionality. There's a good writeup here: http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse [tedunangst.com]

    --
    Still always moving
    • (Score: 2) by TheLink (332) on Friday April 11 2014, @04:00PM (#30117)
      Anyone know which platforms are very slow? Or is it just the NSA's excuse ;).
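
The trade-off asked about in the thread above, as an added C example that is not OpenSSL's code and not from any commenter: a freelist that caches released buffers instead of returning them through free()/malloc() hands them back with their previous contents, while a variant that wipes on release does not. The names `pool_get`, `pool_put`, `pool_put_wiped` and the secret string are constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 64
#define POOL_MAX 4
/* Hypothetical freelist: released buffers are cached and reused (LIFO)
 * instead of going back through free()/malloc(). */
static unsigned char *pool[POOL_MAX];
static int pool_len = 0;

static unsigned char *pool_get(void) {
    if (pool_len > 0) return pool[--pool_len];  /* recycled, old contents intact */
    return calloc(1, BUF_SIZE);                 /* fresh, zero-filled */
}
static void pool_put(unsigned char *b) {        /* fast path: cache as-is */
    if (pool_len < POOL_MAX) pool[pool_len++] = b; else free(b);
}

/* Hardened path: scrub before caching; the volatile pointer keeps the
 * compiler from discarding the wipe as a dead store. */
static void pool_put_wiped(unsigned char *b) {
    volatile unsigned char *p = b;
    for (size_t i = 0; i < BUF_SIZE; i++) p[i] = 0;
    pool_put(b);
}

/* Stores a constructed secret, releases the buffer, then serves a 2-byte
 * request from the next buffer. Returns the count of non-zero bytes past
 * the new request's own data, i.e. bytes left over from the previous use. */
static int stale_bytes_after_reuse(int wipe) {
    static const char secret[] = "constructed-session-key-0123456789";
    unsigned char *a = pool_get();
    if (!a) return -1;
    memcpy(a, secret, sizeof secret);
    if (wipe) pool_put_wiped(a); else pool_put(a);
    unsigned char *b = pool_get();              /* same memory as a */
    memcpy(b, "hi", 2);                         /* new request writes 2 bytes */
    int stale = 0;
    for (size_t i = 2; i < BUF_SIZE; i++) stale += (b[i] != 0);
    free(b);
    return stale;
}

int main(void) {
    printf("plain freelist: %d stale bytes\n", stale_bytes_after_reuse(0));
    printf("wiped freelist: %d stale bytes\n", stale_bytes_after_reuse(1));
    return 0;
}
```

With the plain freelist, any code path that reads more of the buffer than the current request wrote sees the earlier request's bytes; the wiped variant trades some of the speed gain for not retaining them.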