HeartBleed - Not So Fast?


http://heartbleed.com/heartbleed.png
--- CAUTION -- Blasphemy Warning --

I've been programming computers since 1981 and run several in my "home lab." I haven't done anything yet in response to Heartbleed.

Recommendations based on my experience...

Windows Systems -- Watch the tech news for a week or two after patches/upgrades are released to see if they work and don't screw other things up. Then apply and watch for another week to be sure your systems are running okay and give the big services more time to insure they have everything reliably fixed. Then change passwords.

Mac Systems -- Do whatever Apple says to do. It's usually right.

Android Systems -- Most software is automatically updated so nothing to do. Wait a few weeks to change passwords.

Linux Systems --Many systems are using older, unaffected versions of OpenSSL so nothing to do. If you have affected systems and they're running servers, patch/upgrade OpenSSL and related software even though there might be problems. People are depending on you. If you're running as anything else, keep watching tech news for reliability of OpenSSL and related patches/upgrades. Patch/upgrade when everything is stable.

If you don't have "a system" for assigning passwords, this might be a good time to develop one. Change passwords when all the major services you use are fixed. It does no good, and even exposes you more, to change your password and then connect to an unupgraded system.

No comments :