What is Heartbleed?
Researchers at Codenomicon and Google Security have uncovered a serious vulnerability in the widespread software library called Open SSL. SSL/TLS, used by Open SSL, allows for secure and private communication over the internet on a wide variety of applications such as email, instant messaging, and over two-thirds of websites. The bug compromises the ID keys used by service provides as well as encryption to traffic across affected sites. In a nutshell, this bug allows attackers to snoop on communication to steal private data such as user names and passwords. This can also be done without leaving any trace by the attackers!
What can I do?
In order to take care of the issue, service providers must apply the new version of Open SSL to replace that which was vulnerable. However, the service providers must wait for the fix to become available for their equipment and operating system. So what does this mean for you? It means simply going out and changing you passwords immediately is not going to necessarily fix the problem for the end user. The user must wait until the particular website has patched the fix on their end before it is “all clear” for the users. In order to find out which websites are “all clear” to change your password check out this list. If you use a website on that list and it gives you the go ahead to change you password, do so immediately. As for the other sites that have not been patched yet, keep that list handy and change your passwords as soon as the website says it is alright to do so. Lastly, for those sites not on this list, here is a helpful website that you can check to see if it is affected.
For more information, call any one of our four locations and one of our staff will be happy to assist you.
Or visit http://heartbleed.com