Skip to main content

By now everyone knows of the OpenSSL flaw known as Heartbleed that allows people to break its encryption and harvest all your user names, passwords, credit card info, and so forth. On many fridays I post about Live Discs that give you arsenals of free software targetted at specific tasks. While all of them are good, some of them have not been patched yet, so if you have a favorite build you might check with their users forum and see if they have a patched update to download. If you installed Linux to a computer hard drive or memory stick, run your package manager to check for and install updates. If your computer automatically updates itself, use the command

# openssl version -a
# sudo openssl version -a

depending on which OS you installed, and look for the build date. If it is on or after April 7th of this year, you are good. If it is before that, you need to get it upgraded, especially if you built your box as a server. Note that you don’t actually use the # in the command; in a Terminal, Shell, or DOS prompt, that tells the computer that what comes after is a comment. It is on this page in front of the command strings so your system doesn’t get confused and try to run it (that almost NEVER happens, but almost isn’t always). Also, you will have to give the command as root, so knowing your root password is important. Once you have updated, change your root password, and start changing your online passwords.

Even if your favorite Live Disc hasn’t been patched, you can still use all the software on it locally. Just don’t use it to go online and buy anything, do any banking, or sign into email or other services until they have a patched ISO for you to burn to disc. If you have a MAC instead of Linux, guess what; you are using Linux with a MAC GUI interface lying on top of it, you can use your normal proceedures to get it updated and patched. If you use Windows and have OpenSSL on your computer, visit the OpenSSL Web Site to grab an updated build.