> Skip to content
FEATURED:
  • The Evolution of Race in Admissions
Sign In
  • News
  • Advice
  • The Review
  • Data
  • Current Issue
  • Virtual Events
  • Store
    • Featured Products
    • Reports
    • Data
    • Collections
    • Back Issues
    • Featured Products
    • Reports
    • Data
    • Collections
    • Back Issues
  • Jobs
    • Find a Job
    • Post a Job
    • Career Resources
    • Find a Job
    • Post a Job
    • Career Resources
Sign In
  • News
  • Advice
  • The Review
  • Data
  • Current Issue
  • Virtual Events
  • Store
    • Featured Products
    • Reports
    • Data
    • Collections
    • Back Issues
    • Featured Products
    • Reports
    • Data
    • Collections
    • Back Issues
  • Jobs
    • Find a Job
    • Post a Job
    • Career Resources
    • Find a Job
    • Post a Job
    • Career Resources
  • News
  • Advice
  • The Review
  • Data
  • Current Issue
  • Virtual Events
  • Store
    • Featured Products
    • Reports
    • Data
    • Collections
    • Back Issues
    • Featured Products
    • Reports
    • Data
    • Collections
    • Back Issues
  • Jobs
    • Find a Job
    • Post a Job
    • Career Resources
    • Find a Job
    • Post a Job
    • Career Resources
Sign In
ADVERTISEMENT
Profhacker Logo

ProfHacker: A Not-so-gentle Reminder about Security: Heartbleed

Teaching, tech, and productivity.

  • Twitter
  • LinkedIn
  • Show more sharing options
Share
  • Twitter
  • LinkedIn
  • Facebook
  • Email
  • Copy Link URLCopied!
  • Print

A Not-so-gentle Reminder about Security: Heartbleed

By  Amy Cavender
April 11, 2014
Bleeding hearts

A couple of days before yesterday’s post was scheduled to run, we started hearing about the Heartbleed Bug.

This is a nasty one. It’s been out for quite a while, and it’s a flaw in a software library that’s used by a very high number of websites. Check the link above for the details of just how nasty the bug is.

We’re sorry. Something went wrong.

We are unable to fully display the content of this page.

The most likely cause of this is a content blocker on your computer or network. Please make sure your computer, VPN, or network allows javascript and allows content to be delivered from c950.chronicle.com and chronicle.blueconic.net.

Once javascript and access to those URLs are allowed, please refresh this page. You may then be asked to log in, create an account if you don't already have one, or subscribe.

If you continue to experience issues, contact us at 202-466-1032 or help@chronicle.com

Bleeding hearts

A couple of days before yesterday’s post was scheduled to run, we started hearing about the Heartbleed Bug.

This is a nasty one. It’s been out for quite a while, and it’s a flaw in a software library that’s used by a very high number of websites. Check the link above for the details of just how nasty the bug is.

What can readers do to protect their data?

ADVERTISEMENT

An important part of the necessary response is beyond any individual user’s control. If a website was using the affected version of OpenSSL, its administrators have to apply the needed patch; until they do, the site is still vulnerable (and there may not be much point to changing your password until the patch is applied). CNET is keeping (and updating) a list of the top 100 sites with information about whether they’re still vulnerable, have been patched, or weren’t vulnerable in the first place; it’s a good place to keep checking.

This is also a good time to pay attention to those emails (that you might ignore at other times) from the services you use most frequently; while such emails are frequently little more than advertising, this time around they might not be. At least open them up to check.

You might not want to depend on CNET’s list or wait for those emails, though. Some makers of password managers are currently providing online checkers, as PCWorld noted April 9. Those checkers might not be perfect, but they’re not a bad place to start.

Once a vulnerable site is patched, things are back in your hands, and it’s time to change your passwords on the affected sites. Here’s where a password manager may, once again, be a very useful tool, as it can generate strong passwords for you that you needn’t remember, so long as you can recall your master password. And two-factor authentication is still worth the time and trouble.

Did the Heartbleed Bug affect many of the sites you use? How well did those sites do with communication regarding the bug? Has the situation been resolved? Let us know in the comments.

ADVERTISEMENT

[CC-licensed image by Flickr user Steve Brand]

ADVERTISEMENT
ADVERTISEMENT
  • Explore
    • Get Newsletters
    • Letters
    • Free Reports and Guides
    • Blogs
    • Virtual Events
    • Chronicle Store
    • Find a Job
    Explore
    • Get Newsletters
    • Letters
    • Free Reports and Guides
    • Blogs
    • Virtual Events
    • Chronicle Store
    • Find a Job
  • The Chronicle
    • About Us
    • DEI Commitment Statement
    • Write for Us
    • Talk to Us
    • Work at The Chronicle
    • User Agreement
    • Privacy Policy
    • California Privacy Policy
    • Site Map
    • Accessibility Statement
    The Chronicle
    • About Us
    • DEI Commitment Statement
    • Write for Us
    • Talk to Us
    • Work at The Chronicle
    • User Agreement
    • Privacy Policy
    • California Privacy Policy
    • Site Map
    • Accessibility Statement
  • Customer Assistance
    • Contact Us
    • Advertise With Us
    • Post a Job
    • Advertising Terms and Conditions
    • Reprints & Permissions
    • Do Not Sell My Personal Information
    Customer Assistance
    • Contact Us
    • Advertise With Us
    • Post a Job
    • Advertising Terms and Conditions
    • Reprints & Permissions
    • Do Not Sell My Personal Information
  • Subscribe
    • Individual Subscriptions
    • Institutional Subscriptions
    • Subscription & Account FAQ
    • Manage Newsletters
    • Manage Your Account
    Subscribe
    • Individual Subscriptions
    • Institutional Subscriptions
    • Subscription & Account FAQ
    • Manage Newsletters
    • Manage Your Account
1255 23rd Street, N.W. Washington, D.C. 20037
© 2023 The Chronicle of Higher Education
  • twitter
  • instagram
  • youtube
  • facebook
  • linkedin