90.9 WBUR - Boston's NPR news station
Top Stories:
Here and Now with Robin Young
Public radio's live
midday news program
With sponsorship from
Mathworks - Accelerating the pace of engineering and science
Accelerating the pace
of engineering and science
Wednesday, April 9, 2014

‘Heartbleed’ Security Flaw Exposes Millions Of Passwords

Experts have discovered a major flaw in the security software used by millions of websites. “Heartbleed,” as the vulnerability has been dubbed, is a bug that affects OpenSSL, a software that operates about two-thirds of all web servers.

OpenSSL is behind many sites that collect personal or financial information such as passwords, credit card info and emails. Although researchers discovered the coding error last week, the problem has been present for more than two years.

NPR’s Technology Correspondent Steve Henn joins Here & Now’s Jeremy Hobson to explain the flaw and how the coding error might affect the security of your personal data.

Here are some links you can use if you’ve entrusted a website with your information:

  • LastPass checks whether the website has been vulnerable in the past
  • The “Heartbleed test” shows whether a website is currently vulnerable


Please follow our community rules when engaging in comment discussion on this site.
  • PoliticsWatcher

    I bet the NSA introduced that bug. They have done such in the past. But we will never know, unless another Snowden shows up, and how likely is that now that he has been crucified?

  • S David H de Lorge

    Oh, just great…..

  • Chris Moore

    The good advice was to wait a few days to change your passwords to give business/services time to patch/correct the vulnerability. Also, just because the links say the site is safe keep in mind there are aspects to the business’ infrastructure which may make the answer unreliable. If in doubt make the password change.

  • mack1957

    all of the websites I’ve checked come up as being vulnerable! for example, Amazon, my credit union, american express….what to do??

    • friendly

      check with your credit union…I did a live chat today, and they explained that they don’t use Open SSL, so they are not vulnerable. When I had checked this site with the test, it said it could not confirm whether the site was vulnerable. For Amazon today, I got a “fixed or unaffected” status.

  • Lencho

    Here’s one way to check;


  • Caroline

    Used to be you only had to worry that your bank would be robbed “on foot” – as a teller that was worrisome and still is, but I’m less likely to bank on line because of these types of problems. And having to give the bank your phone number is also not very comforting – changing password and sent to my phone – nope. Not going to do it. I’ll stop at the brick and mortar and ask for a printout when necessary. AND only use a CC – no direct link to my bank account.

Robin and Jeremy

Robin Young and Jeremy Hobson host Here & Now, a live two-hour production of NPR and WBUR Boston.

August 26 2 Comments

It’s Not Business As Usual In Ferguson, Missouri

From barber shops to bike shops, WBUR's Deborah Becker looks at what the protests have meant for businesses.

August 26 78 Comments

A Fan Says No To Football

Steve Almond writes, "our allegiance to football legitimizes and ever fosters within us a tolerance for violence, greed, racism, and even homophobia."

August 25 12 Comments

Pediatricians Group: Delay School Start Times So Teens Can Sleep

Many studies have shown that the average adolescent doesn't get enough sleep, and that can cause physical and mental health issues.

August 25 12 Comments

A Police Officer On Lessons From Ferguson

Jim Bueermann says the shooting of Michael Brown and the aftermath point to the need for a conversation about policing in the U.S.