The Motley Fool Responds to Heartbleed

The media is abuzz with talk about a widespread security vulnerability dubbed "Heartbleed" that by some estimates has impacted up to 66% of Internet sites.  We here at The Motley Fool wanted to let you know what we have already done to secure our site, the additional measures we're taking, and how you can protect yourself out there on the wider Internet.

The Fool's sites are no longer vulnerable to Heartbleed. Major Internet players like Amazon Web Services and Incapsula, both services that we use to deliver Fool websites, were vulnerable. Both of these services, as well as the other services we use, have updated their software and are no longer vulnerable. This was done within hours of the public announcement of the Heartbleed vulnerability. We have taken the additional precaution of re-issuing our private keys as a proactive measure in order to better ensure the safety of Fool data.

While we have no reason to believe that any of our data has been compromised, part of the nature of Heartbleed is that it is largely undetectable. To better protect yourself, we strongly encourage all users of Fool.com to reset their password now. Our members who access more secure parts of our site will be required to change their password before logging in again. We also highly recommend that you change your password on any site with which you share your personal information. Before you do, you'll want to make sure that those sites have been updated and are now secure.

More information on Heartbleed

Heartbleed is a security vulnerability in encryption software that powers a large portion of the Internet. It can be used to retrieve a website's private key, a major component in encrypting secure Internet traffic.

In the wrong hands, this could be exploited to get usernames or passwords. Thankfully, using this vulnerability to get secure information would have been difficult due to the random nature of the exploit. While a site was vulnerable to Heartbleed, an attacker would need to continually request an SSL heartbeat over a period of time to collect random segments of secured data. The attacker would then hope that the collected random segments would contain usernames and passwords.

You can read more about Heartbleed here




Comments from our Foolish Readers


  • On April 11, 2014, at 3:39 AM, tsservices wrote:

    It is indeed a very disturbing thought that someone(s) are trying to disrupt the normal use of internet. My hearty congratulations to the always vigilant and active Fool tech staff who, as usual, are on top of things. Great job!


DocumentId: 2910844, ~/Articles/ArticleHandler.aspx, 12/19/2014 10:59:47 AM
