Change your passwords!
Is the Heartbleed bug affecting you?
What is the Heartbleed bug?
Heartbleed is a flaw in some of the websites you visit. OpenSSL basically gives you a “secure line” when you’re sending an email or chatting on IM.
Due to a programming error in the implementation of OpenSSL, researchers found that it was possible to trick the computer at the other end of a connection into sending over data stored in its memory which it should not have been sending.
How bad is it?
It’s really bad. Web servers can keep a lot of information in their active memory, including user names, passwords, and even the content that user a has uploaded to a web server.
With encryption keys, hackers can intercept encrypted data moving to and from a site’s server and read it without establishing a secure connection.
Am I affected?
Probably, this is not simply an issue on your computer or phone itself — it’s in the software that powers the websites you use.
From security firm Codenomicon report:
You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company’s site, commercial site, hobby site, sites you install software from or even sites run by your government might be using vulnerable OpenSSL.
Some known sites.
So what can I do to protect myself?
You should change passwords immediately, especially for services where privacy or security are major concerns. Since the vulnerability has been in OpenSSL for approximately two years and utilising it leaves no trace, assume that your accounts may be compromised.
Most major websites have fixed the flaw before word got out. The bug will be less prevalent over coming weeks.
For more information visit: http://www.heartbleed.com/