A recent article in Tuesday’s Wall Street Journal exposes yet another threat to sensitive data on the Internet. A bug called “Heartbleed” enables hackers to access data that has been encrypted via a free program called Open SSL, used by much of the Internet. A disturbing fact stated in the article is that this program is managed by four core European programmers, only one of which considers it his full-time job. According to Steve Marquess, a foundation president that solicits funding for the team, the 2013 budget was less than a million dollars. Apparently writing encryption code is complex, so website programmers use Open SSL since it is free. However, as the article states, “Its website is bare bones, as are its finances.”
According to the WSJ, this free program is used by Amazon, the U.S. Defense Department and Department of Homeland Security, just to name a few. Although several major companies appeared to be safe from the bug, including Google, Amazon and Ebay, some companies such as Yahoo were racing to fix the problem. The article concluded with this piece of advice from the president of a web service used to scramble Internet users’ identity: “If you need strong anonymity or privacy, you might want to stay away from the Internet entirely for the next few days while things settle.” Hardly very comforting words.
But the ALA posted this site after assuring its members that the ALA site is safe from the bug. Check it out; it advises for which sites that you should consider changing your password.