Heartbleed bug


Is this likely to affect Linux systems …?


Linux servers yes - the cruel irony is that Windows web servers are unaffected :frowning:

The OpenSSL patch was written very quickly, and has been deployed by most affected servers. Any compromised servers could potentially have given your password away, so it’s a good idea to change your login password for those secure sites.

It’s a small risk, but it’s up to you :slight_smile:

In truth, nobody knows if the exploit was ever known or used by malicious hackers (it leaves no trace) … most of the big sites patched against it before it was publicised, in fact Google use that fact to say “you don’t need to change your password”.

Here’s the dilemma … changing your password on sites that HAVE patched against it is probably good cautionary practice … BUT … changing your password on sites that haven’t already patched could well be counterproductive, as malicious hackers (who now know about the exploit) could then discover your old and new passwords.

There is a site that’s supposed to run a test against other websites for the vulnerability:

My advice would be to change your password on all the larger sites such as YouTube, Facebook, Google, banks, Amazon etc. … but if you’re inclined to reuse passwords, don’t change them on smaller sites until you’ve run that test against them.
(be sure to read about the patch though)

Most website admins will update regularly, so will already be patched.

If you run a website on Ubuntu 12.04 servers, you can check if you have the patched version of openssl by running:

openssl version -a | grep built

Hopefully you’ll get
built on: Mon Apr 7 20:33:29 UTC 2014
(or later)
But keeping up to date with updates will already have done that.


There are also plugins for -


that test websites as you visit them.
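
The build-date check from the post above, scripted so it can be run across several servers. This is an added example, not part of the original thread; the function names and the sample input are constructed, and the threshold date only applies to the Ubuntu 12.04 package the post refers to.

```shell
#!/bin/sh
# Minimum "built on" date quoted in the thread for Ubuntu 12.04.
THRESHOLD="Mon Apr 7 20:33:29 UTC 2014"

# Turn "Mon Apr 7 20:33:29 UTC 2014" into the sortable key 20140407203329.
# Prints nothing when the text is not in that exact shape.
built_key() {
    printf '%s\n' "$1" | awk '
        BEGIN {
            split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
            for (i = 1; i <= 12; i++) mon[m[i]] = i
        }
        NF == 6 && ($2 in mon) && $5 == "UTC" &&
        $4 ~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]$/ {
            t = $4; gsub(":", "", t)
            printf "%04d%02d%02d%s\n", $6, mon[$2], $3, t
        }'
}

# Reads `openssl version -a` output on stdin.
# Prints: patched (built on or after the threshold), outdated, or unknown
# (no "built on" line, or a build that does not record a date).
check_built() {
    line=$(grep '^built on:' | head -n 1 | sed 's/^built on: *//')
    key=$(built_key "$line")
    min=$(built_key "$THRESHOLD")
    if [ -z "$key" ]; then
        echo unknown
    elif [ "$key" -ge "$min" ]; then
        echo patched
    else
        echo outdated
    fi
}

# Constructed sample input (not captured from a real host).
SAMPLE='built on: Wed Jan  8 20:45:51 UTC 2014
platform: example-platform'
printf '%s\n' "$SAMPLE" | check_built

# On a real server: openssl version -a | check_built
```

An "unknown" result means the build date cannot answer the question, so check the installed package version against the distribution's security notice instead.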