XP? Heartbleed? Can it get any worse?

Super User

I was inspired to write a bit about the demise of XP support, when along came the Heartbleed bug.  I was stunned into silence for a few days.

As Bruce Schneier says, "On a scale of 1 to 10, this an 11."

It was already bad enough.  Every XP machine connected to the Net was now a likely target for opportunistic infection.  We will be helping the hackers by discovering holes in Vista, Windows 7, and Windows 8 security, and they get to "look back" to see if the same bug appears in XP.  With the volume of XP in use, this was likely to become a big problem, and quickly.  But there are some technical fixes, including the Secure Browsing technology from our partners, Quarri.

But the Heartbleed bug is in a class of its own.  Assuming we patch everything up, change the certificates, change the passwords, we will then be in a Brave New World where confidence in the very basis of secure transmission of data has been undermined.  Not to mention our confidence in Open Source projects' security.

And that's without even worrying about the data that may already have been leaked, though early indications are that the situation there may not be as bad as you'd fear.  

There are some good resources to help Admins and users respond to this problem.  Have a look at:


This Helpnet Security Article

A website testing tool


I see some of the major websites have fixed the problem.  You should be getting notifications to change your password soon.  If you don't, change passwords anyway.  Wait until they have fixed the problem first of course...


I guess this brings is back to what the NSA themselves say about security.  Act as if you've already been breached.  I've blogged before about that security stance - it makes sense.  Now I think about it again, I guess the NSA would know - they were probably the ones who hacked you in the first place! :)