Nieman Foundation at Harvard
Come talk ad blockers with Nieman Lab and a set of experts in New York
ABOUT                    SUBSCRIBE
April 10, 2014, 11:19 a.m.
LINK:  ➚   |   Posted by: Caroline O'Donovan   |   April 10, 2014

Yes, you need to reset all your passwords. But what are the specific impacts for journalists regarding the Heartbleed security breach announced yesterday? For Source (and also the ProPublica Nerd Blog), Mike Tigas has a breakdown.

If your websites have SSL enabled (when users log in, for example), or if you use VPN software to secure your network, or if you run your own mail servers, your newsroom might be affected by Heartbleed.

Heartbleed can affect anything that uses OpenSSL version 1.0.1 or greater. This includes most open-source webservers (Apache, nginx, lighttpd), and can include email servers, instant message services (ejabberd, etc), and VPN servers (openvpn). Privacy software like Tor and SecureDrop are also vulnerable and have since released updates. Many popular server operating systems are affected and have released patches that fix the bug, including Linux distributions like Ubuntu, Debian, Fedora, Red Hat Enterprise and Arch Linux. […]

If you get a version between 1.0.1 and 1.0.1f, you may be vulnerable. Some Linux distributions include a hotfix for this bug while keeping the same version number, so you should double-check the operating system’s website for more information.

Tigas’ post has specific next-steps for those who may be vulnerable. In addition, ONA’s Jen Mizgata suggests journalists whose hackles are raised by the bug consider attending their security summit this month in Indianapolis.

Show tags Show comments / Leave a comment
Join the 15,000 who get the freshest future-of-journalism news in our daily email.
Come talk ad blockers with Nieman Lab and a set of experts in New York
We’re having our first event in New York City with industry leaders: Wednesday, December 2 at 6 p.m.
Jeff Bezos says The Washington Post’s goal is to become the “new paper of record”
“We’re doing it now with more resources and we have a lot of patience for that job.”
Hot Pod: Revisiting the question: Why doesn’t audio go viral?
The UX innovation we need. Plus: public radio executive pay, a boom in custom branded podcasts, and the aging of NPR’s audience.
What to read next
Instant Articles get shared more than old-fashioned links, plus more details from Facebook’s news push
“That’s what we can do, as a platform: be really responsive to what publishers want out of us.” Also coming up: A major move into international markets.
616How one blog helped spark The New York Times’ digital evolution
“I certainly had editors tell me that I shouldn’t be wasting my time on Bird Week. But that was the best part of City Room…We were like unsupervised children.”
572News outlets left and right (and up, down, and center) are embracing virtual reality technology
Among those experimenting is The Wall Street Journal, which plans to open source its 360-degree mobile video and VR technology and hopes to turn VR into more of a mainstay of its storytelling.
These stories are our most popular on Twitter over the past 30 days.
See all our most recent pieces ➚
Fuego is our heat-seeking Twitter bot, tracking the links the future-of-journalism crowd is talking about most on Twitter.
Here are a few of the top links Fuego’s currently watching.   Get the full Fuego ➚
Encyclo is our encyclopedia of the future of news, chronicling the key players in journalism’s evolution.
Here are a few of the entries you’ll find in Encyclo.   Get the full Encyclo ➚
The Times of London
Ann Arbor News
The Huffington Post
Hechinger Report
BBC News
PBS NewsHour
Public Radio International
The Globe and Mail