drplokta ([personal profile] drplokta) wrote 2014-04-08 08:16 am

Imminent Death of the Net

The "Heartbleed" SSL vulnerability released last night (UK time) is a bad one, to the extent that I recommend being careful when accessing sensitive websites (webmail, online banking, etc.) for the next month or so, especially when you're on an untrusted network (e.g. someone else's wifi). If you know how, it's worth checking the SSL certificate details and being suspicious of any certificate issued before today's date.

http://techcrunch.com/2014/04/07/massive-security-bug-in-openssl-could-effect-a-huge-chunk-of-the-internet/?ncid=twittersocialshare

http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
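
The certificate-date check suggested above, sketched in Python as an added example (not part of the original post). The cut-off constant, function names and sample certificates are assumptions made for illustration; `fetch_cert` needs network access and is not used on the constructed samples.

```python
import socket
import ssl
from datetime import datetime, timezone

# Assumed cut-off: the date of the post (2014-04-08, UTC).
CUTOFF = datetime(2014, 4, 8, tzinfo=timezone.utc)


def issued_at(cert):
    """Return notBefore as an aware UTC datetime.

    `cert` is a dict in the shape returned by SSLSocket.getpeercert().
    """
    seconds = ssl.cert_time_to_seconds(cert["notBefore"])
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def classify(cert, cutoff=CUTOFF):
    """'suspect' if the certificate was issued before the cut-off, else 'recent'."""
    return "suspect" if issued_at(cert) < cutoff else "recent"


def fetch_cert(host, port=443, timeout=10):
    """Connect with normal chain and hostname validation; return the peer cert dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample certificates (only the fields this check reads).
SAMPLES = {
    "old.example": {"notBefore": "Nov 12 00:00:00 2013 GMT",
                    "notAfter": "Nov 12 23:59:59 2014 GMT"},
    "new.example": {"notBefore": "Apr  9 14:30:00 2014 GMT",
                    "notAfter": "Apr  9 14:30:00 2015 GMT"},
}


def report(certs):
    """Map each host to (issue date, verdict)."""
    return {h: (issued_at(c).date().isoformat(), classify(c)) for h, c in certs.items()}


if __name__ == "__main__":
    for host, (date, verdict) in report(SAMPLES).items():
        print(f"{host}: issued {date} -> {verdict}")
```

The issue date only shows when the certificate was signed; on its own it does not show whether the site replaced its private key.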

[identity profile] ffutures.livejournal.com 2014-04-08 04:12 pm (UTC)
I think you just explained why I can't access several sites today - I think some very hasty patching is going on.

[identity profile] gerisullivan.livejournal.com 2014-04-09 12:48 am (UTC)
Many thanks for your post on this. I read the links, deciding not to access any https websites until I learned how to check their security certificates. In the past, I've only seen them when they're out of date or my browser thinks something else might be wrong with them.

I've talked through stuff with a couple of my computer security-savvy folks on this side of the Pond and poked enough to be comfy with the process. Fortunately, I don't have any regular bills coming due for a few weeks, and I can mail them in rather than paying them online this month if my sensitive sites are still running on old certificates then. I am going to mail my taxes in rather than submitting them electronically. Anything else is just too much exposure -- the free fillable forms are on a site whose SSL certificate dates back to November. Normally not a problem. But this week isn't normal.

So, again, thanks. Without your post, I could well have not known to go looking for further info.