Do you need to worry about the Heartbleed bug?

The Heartbleed Bug has infected lots of servers using OpenSSL for the past 2 years, but was only recently discovered. Your cloud services and other internet services might use this. Are you affected and do you need to reset your password?

10 Apr, 2014

BBC Screenshot - Heartbleed BugThe BBC and other media networks carried a news story this week about a new vulnerability that has been discovered in a widely used, but probably unknown to most, software library.

OpenSSL is used on around 66% of the internet to protect sensitive information (names, passwords etc.) when it passes from one server to another. A fix is available, which all providers are now applying. As a result of this you might be advised by your cloud service providers to change your password. For example, I just received an email from (if you have a number of social media accounts you should check Buffer out). They had to apply the fix and advised me to change my password – which I have done!

You should also think about your website.

Those of you that host your site with DMJ are not affected – the version of OpenSSL we use is not vulnerable to this attack. However, if you host elsewhere it might just be worth pinging an email to your web hosts to ask if you need to reset your account password.

Sensible advice about passwords

Everyone should be aware of just how easy it is for malicious ‘types’ to bombard email accounts, social media accounts and websites with login attempts using popular username and password combinations. As these attempts are typically automated, hackers can submit thousands of login attempts in the space of a few seconds. So, if you have an easy to guess username and password you are easy prey.

So here are our common sense top password tips

1. Don’t use an easy to guess password – here’s a list of the 25 worst passwords. If your password is on this list please come and see us after school. There are plenty of online password generation services, if you cannot think up anything original;

2. Use 2-step authentication whenever it is offered to you – even if it looks like a pain to install;

3. Try not to use the same passwords for different applications;

4. Don’t share your passwords with other people – or if you do, remember who they are in case you ever fall out;

5. Don’t assume your passwords are safe if you store them on a Cloud application (such as Dropbox). Take a look at Spideroak if you want to store sensitive data in the cloud.

You might also want to look into using a service such as LastPass to store your passwords.

Edited : Mashable are maintaining a list of sites where you’ll need to change your passwords here.

What services do you use that have been affected? Did they report anything more serious than a ‘please rest your password’?

Drop a comment below to let us know.


Submit a Comment

Your email address will not be published. Required fields are marked *

You may also like…

5 Top Website Resolutions for 2018

5 Top Website Resolutions for 2018

Not taken a look at your website for a while? Check out our 5 top website resolutions to help you punch above your weight when competing for traffic and engagement.

How do I choose the right blog post topic?

How do I choose the right blog post topic?

Trouble finding the right blog post topic for your audience? Stop! Don’t just start writing…

Take a look at our ideas on how to generate worthy topics for your blog first

Share This

Please share if you've liked reading this

Share this post with your friends! It really helps us, and lets us know which content visitors like best - so we can write more like that!