Twitter  The NYT's David Leonhardt says The Upshot could be reimagined for local with a staff of no more than three nie.mn/WHcDmB  
Nieman Journalism Lab
Pushing to the future of journalism — A project of the Nieman Foundation at Harvard

Yes, you need to reset all your passwords. But what are the specific impacts for journalists regarding the Heartbleed security breach announced yesterday? For Source (and also the ProPublica Nerd Blog), Mike Tigas has a breakdown.

If your websites have SSL enabled (when users log in, for example), or if you use VPN software to secure your network, or if you run your own mail servers, your newsroom might be affected by Heartbleed.

Heartbleed can affect anything that uses OpenSSL version 1.0.1 or greater. This includes most open-source webservers (Apache, nginx, lighttpd), and can include email servers, instant message services (ejabberd, etc), and VPN servers (openvpn). Privacy software like Tor and SecureDrop are also vulnerable and have since released updates. Many popular server operating systems are affected and have released patches that fix the bug, including Linux distributions like Ubuntu, Debian, Fedora, Red Hat Enterprise and Arch Linux. [...]

If you get a version between 1.0.1 and 1.0.1f, you may be vulnerable. Some Linux distributions include a hotfix for this bug while keeping the same version number, so you should double-check the operating system’s website for more information.

Tigas’ post has specific next-steps for those who may be vulnerable. In addition, ONA’s Jen Mizgata suggests journalists whose hackles are raised by the bug consider attending their security summit this month in Indianapolis.

— Caroline O'Donovan
                                   
What to read next
Mashable_GrumpyCat-cc
Joseph Lichterman    July 22, 2014
The site known for social media and tech coverage has hired nearly 30 more editorial staffers since October and, like BuzzFeed before it, is expanding into more general interest news.
  • http://groenfrontwebdoc.tumblr.com tristanbraakman

    I’m in a lecture room with fellow journalism students. “Aah, what ever. They already know everything about me. Why resetting my passwords.”

  • proactiverisk

    I found a Firefox tool that can help the user know if the site is at risk -> http://www.proactiverisk.com/home/proactivetools