The A List Apart Blog Presents:

The Heartbleed Bug (or: You Should Consider SSL Unsafe for a While)

If you run a server that uses SSL and the OpenSSL library, you need to update it. If you regularly visit a site that uses SSL (and I can’t imagine you don’t), you should try to limit your visits today. Once the dust has settled, we should all change our passwords. Pretty much everywhere.

In short, yesterday the OpenSSL Project released an update that addresses a vulnerability in the OpenSSL library. Officially named CVE-2014-0160, the Heartbleed bug has been around—and unidentified—for a long time. It’s not known if the vulnerability has been exploited, but it’s theoretically possible that someone has been snooping on transmissions we thought were secure. It’s very likely that bad guys are snooping on unpatched servers now, so be careful which services you log in to today.

Visit Heartbleed.com for a lot more information, and anyone running a server should consider these words from Cody Sorland:


Be careful out there.
