Leave a comment

How the major sites are dealing with the 'Heartbleed' bug

How the major sites are dealing with the 'Heartbleed' bug
Photo Courtesy of Shutterstock

Everyone is talking about the "Heartbleed" bug. Click here for everything you need to know about this scary super bug. 

But what are the major websites affected saying?

Tumblr says: 

We have no evidence of any breach and, like most networks, our team took immediate action to fix the issue.

But this still means that the little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit.

This might be a good day to call in sick and take some time to change your passwords everywhere — especially your high-security services like email, file storage, and banking, which may have been compromised by this bug.

From the Google blog:

You may have heard of “Heartbleed,” a flaw in OpenSSL that could allow the theft of data normally protected by SSL/TLS encryption. We’ve assessed this vulnerability and applied patches to key Google services such as Search, Gmail, YouTube, Wallet, Play, Apps, and App Engine.  Google Chrome and Chrome OS are not affected. We are still working to patch some other Google services. We regularly and proactively look for vulnerabilities like this - and encourage others to report them - so that that we can fix software flaws before they are exploited.

Twitter says: 

We were able to determine that twitter.com and api.twitter.com servers were not affected by this vulnerability. We are continuing to monitor the situation.

Yahoo told Mashable: 

"As soon as we became aware of the issue, we began working to fix it ... and we are working to implement the fix across the rest of our sites right now." Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr and Tumblr were patched. More patches to come, Yahoo says.

Facebook told Mashable:

We added protections for Facebook’s implementation of OpenSSL before this issue was publicly disclosed. We haven’t detected any signs of suspicious account activity, but we encourage people to ... set up a unique password.

Amazon Web Services: 

We have reviewed all AWS services for impact for the issue described in CVE-2014-0160 (also known as the Heartbleed bug). With the exception of the services listed below, we have either determined that the services were unaffected or have been able to apply mitigations that do not require customer action.

- - -

Are you new to Komando.com? Over more than 20 years, I've been following the evolution of our digital lifestyle. On my weekly radio show and online every day at Komando.com, I've got great stories on protecting yourself online, data hacks, tips and tricks for all of your devices, and lots of fun too. 
Stop in when you can and see if we don't have an article or two that will make your tech lifestyle a lot easier. 
And for constant updates on tech developments, check out my blog, right here


And the winner of the 2014 Worst Company in America award goes to ...
Previous Happening Now

And the winner of the 2014 Worst Company in America award goes to ...

Apple ready to enter the screen size wars with iPhone 6
Next Happening Now

Apple ready to enter the screen size wars with iPhone 6

View Comments ()