A very serious Internet security vulnerability was announced two days ago called Heartbleed. I haven’t seen this on the national news. Maybe I’ve had my head down too low these past two days. Anyway, you can Google that codename to bring yourself up to speed, but here is a summary for my non-technical readers here at WordPress. I hope I can count on my technical readers to make comments to improve this advice. I’m happy to answer more detailed questions, too.

I strongly recommend that you immediately suspend your Internet activity related to any secrets you want to protect (banking, investments, shopping, etc.) and look for an official response from each website with which you do business. For example, I looked into Evernote because I use it so much. I’m glad now that I never use it to write down secrets, but I did buy a premium subscription last week and gave them my credit card. They claim they are not affected [1], so that’s one off my list.

There is no other way to know if you have been personally affected until it is too late and your accounts are compromised, your money is stolen electronically, identity is stolen, etc. As reported, Heartbleed was an innocent coding mistake that propagated onto the Internet March 14th, 2012. It is not known if it has been exploited and it is not known if any secrets have been stolen.

Therefore, the safest (reasonable) course of action is to share your secrets only with websites that confirm they are not (or are no longer) affected by this vulnerability. If you quit the Internet over this I wouldn’t blame you, but I’m not ready to go to that extreme.

I can’t find anything with Google that convinces me WordPress is NOT vulnerable. If your WordPress account password is the same as any other website you care about, I would take the day off from work to change that password if I were you. It’s that serious. Now I’m going back to work.




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s