On Monday April 7th, an announcement went out that there was a flaw in OpenSSL, a cryptographic library used to provide secure connections to servers. Basically, it allows a hacker to read the memory stored in a server and get sensitive information like your password.
What’s worse, the problem has been around for about two years and until Monday very few people knew it existed. That means your sensitive data could have been collected already without anyone’s knowledge. I won’t go into details here but you can read more about this vulnerability at heartbleed.com.
How Heartbleed Works
Here’s a great comic that illustrates how the heartbleed vulnerabilty works. It’s simplified but it gets the point across.
Heartbleed Explanation via xkcd
How does this affect you as a homeschooler?
Due to the fact that there is no way to detect if an attack has been used against a server with this vulnerability you’re going to have to change many of your passwords for websites like Facebook, Pinterest, Yahoo!, Google, and more.
There’s a catch, however, you can’t change your password until a patch has been applied to keep this information from leaking. CNet are both maintaining a list of popular websites that have been affected by the vulnerability and whether or not it’s been fixed. I recommend keeping an eye on this and changing your password once you notice a website you use has been patched. Mashable’s list is more user-friendly but CNet’s list has different sites listed that may also be affected.
If you do any online banking you should contact your bank right away if it’s not on these lists. If it’s a small bank they may not even be aware of the problem yet. Don’t do any online banking until you’re sure the problem has been resolved with your financial institution.
You’re going to be changing a lot of passwords so here are a few recommendations that I have for you before you get started.
Lastpass. Password managers can store complex passwords and even generate them for you automatically. It’s simple to use and free.
2. Use different passwords for each website. If you use the same password from site to site you’re setting yourself up for a major fall. Use unique passwords on every account.
3. Use complex passwords. Include uppercase and lowercase characters, numbers, and special symbols like @, #, $, %, and !. This makes your password stronger.
4. If a website doesn’t allow you to use special characters use a longer password. Two things make password hard to guess: complexity and length. If you can’t have a complex password at least make it a long one.
Jeff Schmitz from Scholaric asked a great question: “Do we need to upgrade our browsers?” No. This is a problem with web servers and not your Internet browser. I do recommend that you use the LastPass plugin to manage your passwords to make this process less painful but other than that you do not need to change your browser.
Popular Homeschool Sites
I’ve checked a few sites for the vulnerability and contacted a few people about the status of their sites. Here’s what I’ve come up with so far.
A Beka – No
Apologia – No
BJU – Likely
CurrClick – Likely
K12 – Unknown
Khan Academy – Unknown
Math-U-See – Possible
My Homeschool Transcripts – Patched. Password change recommended.
Scholaric – Patched. Password change recommended.
Sonlight – Likely
You can test any site using this handy tool provided by LastPass. Just put in the website you want to check and it will try to determine if there’s a problem.
Finally, I just want to say that this is not something to take lightly. I’m not trying to be an alarmist. It’s important that all of your passwords are changed that may have been affected. I know it’s a pain in the neck but it’s still something you should do without hesitation.
Choosing the Right Tablet for Your Homeschool
Workshop at Faithful Heritage LEAH on April 14, 2014 at Eastport Bible Church in Eastport, NY at 7:30PM (via Skype). More details to come.
Leave a Voicemail
You can call 518-290-0228 to leave me a message or use this convenient widget to record a message right from your computer.
Want to be notified of any upcoming news regarding the podcast or if I’m speaking in your area? Join my spam-free mailing list. You’ll receive monthly updates and news about future projects and I’ll let you know if I’m speaking in your area at a homeschooling convention.
The Wired Homeschool is a proud member of the Tech Podcast Network. For more family-friendly tech podcasts visit techpodcasts.com
Music for the podcast by The Wired Homeschool.