Internet Security Risk – Heartbleed Bug

A serious security risk called the “Heartbleed Bug” has been detected on the Internet that can put your private information at risk, regardless of which operating system your computer or smartphone uses.

Please check the list at http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/ for commonly used web sites (e.g. gmail, dropbox & facebook).  If you have used any sites, in the last two years that say “Yes” in the password column, you need to go and change your password…..right now…and the criminals may already have some of your personal information (e.g. credit card information, passwords, address etc.).

For sites not on the above list, where you have used a password in the last two years, enter the web site address (URL) at one of the following sites, before you log in;

  • http://filippo.io/Heartbleed/ – If the site is not identified as “All good”, criminals may already have some of your personal information.
  • https://www.ssllabs.com/ssltest/ – In the Summary section, if the site is not identified as “This server is not vulnerable to the Heartbleed attack, criminals may already have some of your personal information.

Notify the site owner, without logging in.  Follow-up by testing the site again, before logging in and changing your password.

Google and Firefox browsers were not vulnerable, so if you use those browsers exclusively (what do you use on your smartphone?), you have less to worry about.