Do you need to worry about the Heartbleed bug?

The Heartbleed Bug has infected lots of servers using OpenSSL for the past 2 years, but was only recently discovered. Your cloud services and other internet services might use this. Are you affected and do you need to reset your password?

10 Apr, 2014

BBC Screenshot - Heartbleed BugThe BBC and other media networks carried a news story this week about a new vulnerability, the Heartbleed bug, that has been discovered in a widely used, but probably unknown to most, software library.

OpenSSL is used on around 66% of the internet to protect sensitive information (names, passwords, etc.) when it passes from one server to another. A fix is available, which all providers are now applying. As a result of this, you might be advised by your cloud service providers to change your password. For example, I just received an email from (if you have a number of social media accounts you should check Buffer out). They had to apply the fix and advised me to change my password – which I have done!

You should also think about your website.

Those of you who host your site with DMJ are not affected – the version of OpenSSL we use is not vulnerable to this attack. However, if you host elsewhere it might just be worth pinging an email to your web hosts to ask if you need to reset your account password.

Sensible advice about passwords

Everyone should be aware of just how easy it is for malicious ‘types’ to bombard email accounts, social media accounts, and websites with login attempts using popular username and password combinations. As these attempts are typically automated, hackers can submit thousands of login attempts in the space of a few seconds. So, if you have an easy-to-guess username and password you are easy prey.

So here are our common sense top password tips

1. Don’t use an easy-to-guess password – here’s a list of the 25 worst passwords. If your password is on this list please come and see us after school. There are plenty of online password-generation services if you cannot think up anything original;

2. Use 2-step authentication whenever it is offered to you – even if it looks like a pain to install;

3. Try not to use the same passwords for different applications;

4. Don’t share your passwords with other people – or if you do, remember who they are in case you ever fall out;

5. Don’t assume your passwords are safe if you store them on a Cloud application (such as Dropbox). Take a look at Spideroak if you want to store sensitive data in the cloud.

You might also want to look into using a service such as LastPass to store your passwords.

Edited: Mashable is maintaining a list of sites where you’ll need to change your passwords here.

What services do you use that have been affected? Did they report anything more serious than a ‘please rest your password’?

Drop a comment below to let us know.


Submit a Comment

Your email address will not be published. Required fields are marked *

You may also like…

Why is my website traffic falling in Google Analytics?

Why is my website traffic falling in Google Analytics?

Have you noticed your website traffic falling over the past few years? If you use Google Analytics, you may be seeing a decline in traffic. This might not be a genuine decline. We explore the reasons for this in our article.

The Benefits Of Regular Website Updates

The Benefits Of Regular Website Updates

We think it’s important to continually update your website to keep it secure, load fast, and provide the content your visitors need. Find out what website updates you need, and what you need to do to get them done.

Share This
Martin Jarvis

Martin Jarvis

I typically reply within an hour

We're here Monday - Friday during UK working hours. Drop us an email and we'll get back to you.

Martin Jarvis
Hi. It's Martin here. How can I help you?
Start Chat with: