My Heart Bleeds, but not because of "Heartbleed"

In talking about Internet "threats", I have used the analogy of the great Wildebeest migration across the Serengeti plain in Africa.  Most of us have seen the nature shows portraying the risks to the herd.  Most of them make it across, but the weak, the young, and the infirm that fall behind the pack are vulnerable to the wild Cheetah or a pack of Hyenas.  

Sadly, this is the case on the World Wide Web.  Yes, you are the Wildebeest, and just how strong and fast are you?  The recent "Heartbleed" infection is just the latest Cheetah, part of wave after wave of threat that have emerged continuously over the past decade or more.  To learn more about this threat and get great advice, I recommend this article from NPR:

Many writers have pointed out the quietness and undetected persistence of this infection as a cause for serious alarm.  Do they really think that infected websites have not been a problem up until now?  What gets them frothing is that a chestnut of the open source community, OpenSSL is the attack vector, and it is very widely used on very respected websites.  So, yes, it is substantially more pervasive and threatening than preceding threats.  This changes nothing for most Internet users.

The NPR article concludes with five recommendations.  I wholeheartedly recommend all of them plus one more: adopt and use a password manager.  We use “LastPass”.  There are some hassles getting used to managing your passwords with a password manager, but most of the process has been pretty well automated by them.  I have tested “DashLane”, and many prefer that one.  I found that the application hindered some aspects of my Windows computer’s performance, and so I discontinued the use of it. (It was publicly recommended by David Pogue of Yahoo Tech and formerly of the New York Times, who uses a Mac for his primary system, and who has written about Apple and the Macintosh extensively). DashLane (, works on Apple Macintosh, Windows, iOS, and Android devices and most browsers.  LastPass (, works on those platforms plus Linux and Blackberry.  Both are free to use on one device, but cost money to use on multiple devices with passwords syncing across all of your devices.  We use the paid version of LastPass to get the sync function. Please take the time to learn how the password manager can help you be more secure by setting hard to crack passwords which you don't have to worry about remembering.

Finally, the NPR article includes tools to check the important sites that you visit, so you can tell whether the site is infected, or was vulnerable to the attack.  Since most of us don't have time to chase all of that down, the advice of the NPR article is the thing to put your precious time into.

My wonderful wife has changed all of our personal and business financial service website passwords this week as a precaution.  I recommend that you do the same.