Heartbleed Bug – Educating Staff

In my role as e-Learning Coordinator for my school, I sent this email out to staff to explain the Heartbleed bug. Feel free to use it yourself with your own staff, and/or give me feedback if you spot any errors.



Hi all,

Please read this.

You may or may not have heard of the “Heartbleed bug”. The short version is, there is a bug in the security protocol for some websites on the internet. The trouble is, the “some” is in fact “many” — including the really common ones.

This is not a virus; it’s more like a broken lock on the front door. And last week the world realised that the front door hadn’t been locking properly for the last two years.

See this list of common websites to check which are safe, which are still insecure (i.e. don’t bother changing the password yet!) and which are fixed but need an immediate password change. I’ve summarised the most common ones for you here:

As at 10:00am Monday 14th April, you need to change your password now for the following sites:
Google, Facebook, YouTube, Yahoo, Wikipedia, Bing, Pinterest, Blogspot, Instagram, Tumblr, Reddit, Netflix, Weather.com, Etsy, Vimeo, Flickr, Blogger, Dropbox, Prezi, Soundcloud

For your peace of mind, it is very unlikely that your internet banking has been compromised, as they use a different type of lock for their front doors.

While we’re here talking about password security, here are a few pointers:

  • Don’t re-use the same password across multiple important accounts.
  • Best practice is to use a random password for everything, but in practice this is a nightmare – I recommend using password management software (like Apple’s Keychain software) to generate and remember them all for you.
  • If you create passwords yourself, try using this structure to generate a really good one that’s still easy to remember:
    • think of a sentence that has meaning to you
    • take the first (or second or third etc) letter from each word in the sentence
    • replace a few letters with numbers or symbols (or just insert a few randomly)
  • Once you’ve typed this a few times it will be easier to remember.

It is worth doing this properly. Even if you make only two or three really good passwords and then re-use those across multiple sites, that’s still better than one password which is just a word or modified word, used on all your accounts for everything! Using a word or phrase and swapping a few letters or numbers out is not sufficient.

More information about the Heartbleed bug:
Detailed overview (official site for public awareness, set up by a Finnish cybersecurity company): http://heartbleed.com/
An alternative detailed overview: http://www.cnet.com/news/heartbleed-bug-what-you-need-to-know-faq/
Wikipedia article: http://en.wikipedia.org/wiki/Heartbleed_bug
How the bug works (explained in a cartoon) – Wikipedia
How the bug works (explained in a cartoon) – xkcd

Let me know if you have any questions about this.

Kind regards,
e-Learning Coordinator
