Heartbleed Bug: Information, Advice and Resources

The Heartbleed Internet security flaw has made a mess that might not be cleaned up for awhile

Join Our Community of Science Lovers!

The Heartbleed Internet security flaw discovered this week continues to affect thousands of websites, and even some Android phones, home wireless routers and embedded devices.

It's likely that this mess won't be cleaned up for quite a while. In the meantime, here are the basics and some useful links.

MORE: Best PC Antivirus Software 2014

On supporting science journalism

If you're enjoying this article, consider supporting our award-winning journalism by subscribing. By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today.

Heartbleed basic facts

What's affected:

Some (but not all) secure Web, email, instant-messaging and mobile-app communications

Some (but not all) home wireless routers, printers and firewalls

Some (but not all) Internet networking equipment

Some (but not all) Internet-connected devices running embedded software

Smartphones and tablets running Android 4.1.1 Jelly Bean (scroll down for how to check your device status)

Certain Linux desktop distributions, including Ubuntu Linux

What's not affected:

Web, email and mobile-app communications that were never meant to be secure

Windows PCs, Macs, most Linux desktop and laptop machines

iOS devices and most Android devices

What you can do:

Change account passwords for affected websites and services

Install firmware updates for wireless routers, printers and firewalls when they become available

Install updates for devices running Android 4.1.1 Jelly Bean when they become available

Install updates for Linux desktop distributions when they become available

Heartbleed useful resources

Heartbleed: Which Passwords You Need to Change

Yahoo Mail and Heartbleed: How to Secure Your Account

Heartbleed: Who Was Affected, What to Do Now

Beware Heartbleed Password-Reset Phishing Scams

'Heartbleed' Bug Kills Security on Millions of Websites

Other resources

Lookout Mobile Security app to detect vulnerable Android devices

Top 10,000 websites broken down by Heartbleed vulnerability status (compiled before many patched their servers)

Web page to manually check a website's vulnerability status

Webpage that checks a site's vulnerability status and assesses whether security credentials have been renewed

Firefox add-on to detect vulnerable websites

Chrome extension to detect vulnerable sites

Detailed technical explanation of the Heartbleed flaw

Good, non-technical explanation of how a Heartbleed exploit works

Follow Paul Wagenseil at @snd_wagenseil. Follow Tom's Guide at @tomsguide, on Facebook and on Google+.

It’s Time to Stand Up for Science

If you enjoyed this article, I’d like to ask for your support. Scientific American has served as an advocate for science and industry for 180 years, and right now may be the most critical moment in that two-century history.

I’ve been a Scientific American subscriber since I was 12 years old, and it helped shape the way I look at the world. SciAm always educates and delights me, and inspires a sense of awe for our vast, beautiful universe. I hope it does that for you, too.

If you subscribe to Scientific American, you help ensure that our coverage is centered on meaningful research and discovery; that we have the resources to report on the decisions that threaten labs across the U.S.; and that we support both budding and working scientists at a time when the value of science itself too often goes unrecognized.

In return, you get essential news, captivating podcasts, brilliant infographics, can't-miss newsletters, must-watch videos, challenging games, and the science world's best writing and reporting. You can even gift someone a subscription.

There has never been a more important time for us to stand up and show why science matters. I hope you’ll support us in that mission.

Thank you,

David M. Ewalt, Editor in Chief, Scientific American