Earlier this week, the Heartbleed vulnerability was announced causing major online sites to scramble and apply patches to their Open SSL authentication systems. Open SSL is one method of verifying your username and password for a website and it happens to be one of the most popular, used by as much as 60% of the web. Due to the fact that Open SSL is so widely used and the vulnerability can allow for an attacker to compromise data without leaving any trace, this “bug” is very significant. Granted there have not been any confirmed cases of sites being “hacked” via Heartbleed, it is recommended for everyone to change their passwords immediately. Keep in mind this vulnerability has been unknown for quite some time, so it is best to use new passwords which you have never used before.
Many people are thinking “this will never affect me”, but the truth is, if you use the internet at all then there is potential that someone somewhere may have your login information for a variety of your accounts. CNET has compiled a list of the top 100 websites gathering which sites were vulnerable or not and which have patched the Heartbleed vulnerability. Sites among this list which were vulnerable include Google, Facebook, YouTube, Netflix, Yahoo, Pinterest and Instagram.
If you are unsure if a site you frequent has been patched yet or not, you may use this link (http://filippo.io/Heartbleed/) to test any site for the vulnerability. Avoid connecting to any sites that are still vulnerable and once they are patched, change those passwords too.
Need some help creating new passwords and guidelines on what NOT to use for passwords? Cruise on over to http://passwordsgenerator.net for some help.