'Heartbleed' bug raises concerns for journalists, too

Krebs on Security | The New York Times | TechCrunch | PCWorld

A bug in some versions of OpenSSL, nicknamed "Heartbleed," is "extremely critical," Brian Krebs writes:

Complicating matters further is the release of a simple exploit that can be used to steal usernames and passwords from vulnerable sites, as well as private keys that sites use to encrypt and decrypt sensitive data.

(Poynter.org "doesn't appear to be vulnerable," Krebs says in an email. Phew!)

But companies -- including publishers -- should upgrade OpenSSL immediately, and the rest of us Internet users (including perhaps journalists who use Web-based email) should "change their passwords this week," Krebs writes.

Emphasis on "this week": "Immediately changing passwords could feed a new password into a website that has not fixed the flaw," Steve Lohr writes in The New York Times.

Users will largely need to depend on individual sites to notify them about whether the flaw has been addressed. Many major web services, like Yahoo, have already released such notices.

"Even if you’ve never heard of OpenSSL, it’s probably a part of your life in one way or another," Greg Kumparak writes in TechCrunch.

The apps you use, the sites you visit; if they encrypt the data they send back and forth, there’s a good chance they use OpenSSL to do it. The Apache web server that powers something like 50% of the Internet’s web sites, for example, utilizes OpenSSL.

"It’s unclear if attackers have been exploiting the flaw over the last two years, which was just publicly revealed on Monday," Jeremy Kirk writes in PCWorld. "But attacks using the flaw 'leaves no traces of anything abnormal happening to the logs,' the researchers wrote."

Related: Here’s everything you need to know about the Heartbleed web security flaw (Gigaom) | Tech reporter Brian Krebs hacks it on his own, one scoop at a time (Poynter)

  • Andrew Beaujon

    Andrew Beaujon reported on the media for Poynter from 2012 to 2015. He was previously arts editor at TBD.com and managing editor of Washington City Paper. He's the author of the 2006 book "Body Piercing Saved My Life," about Christian rock and evangelical Christian culture.

