90.9 WBUR - Boston's NPR news station
Top Stories:
Here and Now with Robin Young
Public radio's live
midday news program
With sponsorship from
Mathworks - Accelerating the pace of engineering and science
Accelerating the pace
of engineering and science
Wednesday, April 9, 2014

‘Heartbleed’ Security Flaw Exposes Millions Of Passwords

Experts have discovered a major flaw in the security software used by millions of websites. “Heartbleed,” as the vulnerability has been dubbed, is a bug that affects OpenSSL, a software that operates about two-thirds of all web servers.

OpenSSL is behind many sites that collect personal or financial information such as passwords, credit card info and emails. Although researchers discovered the coding error last week, the problem has been present for more than two years.

NPR’s Technology Correspondent Steve Henn joins Here & Now’s Jeremy Hobson to explain the flaw and how the coding error might affect the security of your personal data.

Here are some links you can use if you’ve entrusted a website with your information:

  • LastPass checks whether the website has been vulnerable in the past
  • The “Heartbleed test” shows whether a website is currently vulnerable


Please follow our community rules when engaging in comment discussion on this site.
  • PoliticsWatcher

    I bet the NSA introduced that bug. They have done such in the past. But we will never know, unless another Snowden shows up, and how likely is that now that he has been crucified?

  • S David H de Lorge

    Oh, just great…..

  • Chris Moore

    The good advice was to wait a few days to change your passwords to give business/services time to patch/correct the vulnerability. Also, just because the links say the site is safe keep in mind there are aspects to the business’ infrastructure which may make the answer unreliable. If in doubt make the password change.

  • mack1957

    all of the websites I’ve checked come up as being vulnerable! for example, Amazon, my credit union, american express….what to do??

    • friendly

      check with your credit union…I did a live chat today, and they explained that they don’t use Open SSL, so they are not vulnerable. When I had checked this site with the test, it said it could not confirm whether the site was vulnerable. For Amazon today, I got a “fixed or unaffected” status.

  • Lencho

    Here’s one way to check;


  • Caroline

    Used to be you only had to worry that your bank would be robbed “on foot” – as a teller that was worrisome and still is, but I’m less likely to bank on line because of these types of problems. And having to give the bank your phone number is also not very comforting – changing password and sent to my phone – nope. Not going to do it. I’ll stop at the brick and mortar and ask for a printout when necessary. AND only use a CC – no direct link to my bank account.

Robin and Jeremy

Robin Young and Jeremy Hobson host Here & Now, a live two-hour production of NPR and WBUR Boston.

September 16 7 Comments

Kathy Gunst Explores Community Supported Agriculture

Kathy Gunst joins Cook's Illustrated executive food editor Keith Dresser at his CSA pickup and offers recipes for the seasonal CSA fare.

September 16 11 Comments

Remembering Jesse Winchester

Jimmy Buffett remembers his friend the late songwriter Jesse Winchester, whose posthumous album is being released today.

September 15 26 Comments

A Call To Reject Corporal Punishment As Part Of Black Culture

An incident of child abuse by an NFL player has raised questions about the use of corporal punishment as a form of discipline in the African-American community.

September 15 27 Comments

Would You Pay To Get Your Kid Into A Top College?

A San Francisco company charges parents for a consulting package based on the odds their student will get into a certain university, with prices up to a million dollars.