Heartbleed? What?

by Chikashi

Unless you have been under a pretty big rock, you have heard or read about the Heartbleed bug. Based on the reports, it is a serious and widespread security problem across the entire Internet. There has been some chatter about the fact that the NSA knew about it and kept quiet, possibly because they wanted to exploit the vulnerability for their own use. To be honest, the discussion about the NSA is so abstract to me that it is almost irrelevant. However, I do wonder about something much closer to my little world and likely your little world, as well.

The world has been talking about Heartbleed for more than a week now. Like many people, I have numerous accounts on the web: email, social media (like this one), e-commerce, banking, charity, etc. The list is quite a long one, as I realised. You would think that service providers and web site owners would contact you without delay to inform you about Heartbleed and to urge you to change your passwords immediately, regardless of whether you have been hiding in a cave the last couple of weeks.

But, no. Most, including WordPress, have not bothered. When they are not actually trying to sell you something, their restraint is quite remarkable.

I received just 2 emails to explain why I should change my password promptly: one from social media platform Tumblr and the other from charity challenge organisers Classic Tours.

It says something about Tumblr and Classic Tours, namely, their sense of responsibility and their approach to issues / crisis management.

What does it say about everyone else, particularly those who do not already have two-factor authentication as a standard process for every account holder?

Do you have an Amazon account with your credit card details stored for a quick check-out? They do have a rather broad assortment of products these days, don’t they?