People across internet-land have become familiar with the term ‘Heartbleed’ today. It’s the OpenSSL vulnerability popular enough to get its own spot on NPR (seriously, I heard it earlier this afternoon.) In our PC neck of the woods, the major platform to be affected was Valve’s hat-dispensing Steam store.
Well, according to Valve themselves (via SteamDB, who seem to have brought the issue to Valve’s attention in the first place,) vulnerabilities on Steam have now been resolved. However, as is standard procedure in this case it is recommended that people change their password. It’s also recommended that people reset Steam Guard.
Valve says vulnerabilities on https://t.co/M6RS687b7E have been resolved. We suggest changing your password and resetting SteamGuard now.
— Steam Database (@SteamDB) April 8, 2014
Not sure how to do that? Go to Steam’s settings, navigate to the Steam Guard management part and check the box that says “deauthorise all other computers now.” Then click next.
In addition to that, Valve has told SteamDB that “Issues with partner specific Steam websites have also been resolved.” Developers should follow the same steps as regular users and change their passwords/reset Steam Guard.
You can read more about the Heartbleed bug and worry about all those other sites you use that adopt OpenSSL as a security measure, at this address.
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).