Change your passwords . . . (almost) all of them!

[StefanJ]

PUBLIC SERVICE ANNOUNCEMENT

A serious flaw has been found in one of the implementations of SSL, the web communication protocol that allows a website and your browser to establish a secure communication channel. This is used by banks, web merchants, and so on.

If a bank, credit card company, or merchant was using one of these implementations, there is a chance your accounts are compromised. This means that you have to change passwords.

Here is a ZDNet article about the Open SSL fault:

https://www.zdnet.com/how-to-recover...eed-7000028253/

The "heartbleed" test site linked to there will let you enter a SITE ADDRESS (e.g., yahoo.com, www.goldcoastcreditunion.com) and get a report on its current status vis-a-vis the fix.

If the site gets a green lite, SIGN IN AND UPDATE YOUR PASSWORDS. If you are not sure, contact your (bank, credit card, etcetera) and ask if they've put in the patch.

Again:

YOU.

NEED.

TO.

UPDATE.

ALL.

OF.

YOUR.

PASSWORDS.

Well, every one for a site that used SSL. TRF and similar forums that don't use a secure connection aren't effected.

 

[o1d_dude]

Read about this in a tweet from Steve Gibson of Security Now and Spin-Rite fame.

The truth will make you crazy.

 

[CarVac]

Don't let your heart bleed.

In other news, this was the best "marketed" security bug: a catchy name and a memorable logo that is capable of being understood by the general public as actually serious.

 

[brianc]

The best simple explanation of the bug. (and a great way to explain to your mother, grandmother, etc)...

https://xkcd.com/1354

 

[gdiscenza]

For every website that you use a password on, check the URL (whatever you have bookmarked) at CriticalWatch. If CriticalWatch shows the website as protected against Heartbleed, go ahead and change your password. If you change your password before a site is patched, your new password will be at risk.

G.D.