Have you heard about Heartbleed? It’s a recently-discovered security flaw in the encryption software two-thirds of all websites use to protect your data. This problem isn’t one of those fake-outs where your crazy friend posts something alarmist on Facebook that Snopes easily proves is ridiculous. This time it really is as bad as your crazy friend says it is. “On the scale of 1 to 10, this is an 11,” wrote cryptography expert Bruce Schneier.
As users, there’s not much that we can do except wait for our favorite websites to upgrade their software to the fixed version. Once they do, the recommendation is to change your password on all the websites that were affected (here is a list of popular ones; here is a better list being updated regularly). That’s annoying and tedious, of course, but it’s the only way to be sure.
After ensuring that Treelines is not vulnerable to the Heartbleed vulnerability, I’ve gone through the major genealogy sites that use encryption software, using a publicly available tool, to see how the rest are faring. The good news is that the sites all pass! This tool also assesses the overall quality of the security measures each site uses to protect your data. Here there is a wide range of grades, including two F’s by popular sites!
|Security grade (click on grade for full report)|
* n/a means that the site does not use encryption software to protect the data you submit to it. It’s true that the sites marked n/a do not take credit card information, but it has long been accepted as best practice that any time a user signs up for or logs into a site, their information should be encrypted. If you use the same password on the sites marked n/a as you do on other websites, then a malicious person could lift your information from the one site and try it out on others where you do make purchases. It’s unlikely, but it is possible. (Sorry if I sound like your crazy friend on Facebook now!)
** Thank you to these companies, who improved their security after this post was published.