Theoretical Ideations Heartbleed Status

I just finished patching everything, and Theoretical Ideations is now Heartbleed-free. If you want to know the details, go read about it here.

The short version is this: a bug was discovered in an open source software project called OpenSSL. OpenSSL is the software that does encryption and decryption for most of the web. When you visit an https:// website and you see that little lock icon in the taskbar, that's OpenSSL at work.

This particular bug is very, very scary. It allows a malicious attacker to decrypt traffic so that they can steal passwords, credit card numbers, bank account information, and so on.

What's worse, this bug has existed for over 2 years and was just discovered yesterday by whitehat hackers (i.e. benevolent hackers who try to find security vulnerabilities with the intention of getting them fixed). It is not known how long blackhat hackers (i.e. ones that want to steal and/or break things) have known about this bug.

Everyone should take action. If you run a website, make sure that all of the server software is patched and up to date as of today (April 8th, 2014). OpenSSL has issued a fix, and most Linux distros have issued fixes as well (including Ubuntu 12.04 LTS).

If you use the internet at all (which, if you're reading this website, you obviously do), then go change your passwords. Ideally you should change all of your passwords, but of course this is very difficult. If nothing else, change your password for important accounts (email, banking, shopping, etc.).

When dealing with security for online websites, the single most important thing you can do is to use a different password for each website. Remembering all of these passwords isn't really possible, so it's best to use a password manager. I recommend 1Password or KeePass. I use 1Password myself and it is quite possibly the most invaluable piece of software I use.