90.9 WBUR - Boston's NPR news station
Top Stories:
Here and Now with Robin Young
Public radio's live
midday news program
With sponsorship from
Mathworks - Accelerating the pace of engineering and science
Accelerating the pace
of engineering and science
Wednesday, April 9, 2014

‘Heartbleed’ Security Flaw Exposes Millions Of Passwords

Experts have discovered a major flaw in the security software used by millions of websites. “Heartbleed,” as the vulnerability has been dubbed, is a bug that affects OpenSSL, a software that operates about two-thirds of all web servers.

OpenSSL is behind many sites that collect personal or financial information such as passwords, credit card info and emails. Although researchers discovered the coding error last week, the problem has been present for more than two years.

NPR’s Technology Correspondent Steve Henn joins Here & Now’s Jeremy Hobson to explain the flaw and how the coding error might affect the security of your personal data.

Here are some links you can use if you’ve entrusted a website with your information:

  • LastPass checks whether the website has been vulnerable in the past
  • The “Heartbleed test” shows whether a website is currently vulnerable


Please follow our community rules when engaging in comment discussion on this site.
  • PoliticsWatcher

    I bet the NSA introduced that bug. They have done such in the past. But we will never know, unless another Snowden shows up, and how likely is that now that he has been crucified?

  • S David H de Lorge

    Oh, just great…..

  • Chris Moore

    The good advice was to wait a few days to change your passwords to give business/services time to patch/correct the vulnerability. Also, just because the links say the site is safe keep in mind there are aspects to the business’ infrastructure which may make the answer unreliable. If in doubt make the password change.

  • mack1957

    all of the websites I’ve checked come up as being vulnerable! for example, Amazon, my credit union, american express….what to do??

    • friendly

      check with your credit union…I did a live chat today, and they explained that they don’t use Open SSL, so they are not vulnerable. When I had checked this site with the test, it said it could not confirm whether the site was vulnerable. For Amazon today, I got a “fixed or unaffected” status.

  • Lencho

    Here’s one way to check;


  • Caroline

    Used to be you only had to worry that your bank would be robbed “on foot” – as a teller that was worrisome and still is, but I’m less likely to bank on line because of these types of problems. And having to give the bank your phone number is also not very comforting – changing password and sent to my phone – nope. Not going to do it. I’ll stop at the brick and mortar and ask for a printout when necessary. AND only use a CC – no direct link to my bank account.

Robin and Jeremy

Robin Young and Jeremy Hobson host Here & Now, a live two-hour production of NPR and WBUR Boston.

July 29 12 Comments

U.S. ‘Border Crisis’ In A Global Context

Bill Frelick of Human Rights Watch says what the U.S. is seeing is dwarfed by the massive flow of refugees into other countries, such as Italy.

July 29 4 Comments

Iraq War Vet Returns To A Broken Country

Roy Scranton says what he found in Baghdad "shows the evidence of the truth of what we'd actually done."

July 28 5 Comments

Rob Reiner Reflects On Making Movies From ‘And So It Goes’ To ‘Princess Bride’

The actor and director has been making people laugh for decades.

July 28 4 Comments

New HBO Documentary ‘Love Child’ Looks At Gaming Addiction

"Love Child" tells the story of a South Korean couple whose baby starved to death while they cared for a virtual child.