Are You Vulnerable to Heartbleed?

A serious flaw has been discovered in OpenSSL – the browser encryption standard used by an estimated two-thirds of the servers on the internet. This flaw has been there for a couple of years, and allows hackers to read data stored in memory. That gives them access to anything held there, including security keys, user names and passwords, emails and documents. More detail is on Gigaom and Schneier on Security.

An update to OpenSSL fixes the flaw. Anyone who has a website should ask their service provider if it affects their site, and have it updated immediately.

And for those of you still using Windows XP or Office 2003 – upgrade those immediately as well. I was surprised to read this morning that as many as 30% of Windows-based computers still use XP. As of today, Microsoft is no longer supporting them.


  1. Using the link supplied in the Schneier piece, I’ve checked the server that delivers Slaw and can report that all is well.

  2. Thanks, Simon. I guess most of us don’t use log-in credentials or otherwise provide Slaw with personal information, either (though a few of us regulars may do so). We don’t usually connect to Slaw through an https:// link, either, I expect. But just as well to know things are secure…

  3. John’s right: my concern about Heartbleed and Slaw was misplaced. For a lovely explanation of Heartbleed in graphics, by xkcd, see: