April 10, 2014
What is “Heartbleed?”
Web servers that use OpenSSL, an open-source, security protocol implementation, are vulnerable to a serious bug that was recently identified. This bug affects all websites using OpenSSL and can leak private information (i.e., passwords) to attackers.
Should I care?
If you use the Internet for things like banking, shopping, and other activities requiring personal information, yes.
Is action required?
Organizations using OpenSSL have been working to update the software and issue new certificates for their websites. Once these fixes are in place, users are recommended to change their passwords. To find out if a website that you use is vulnerable, there are a few online tests available.
I found this one to be very easy to understand: LastPass Heartbleed checker
Note: Changing your password BEFORE a vulnerable website is repaired is not useful! Contact the website owner to be certain!
Detailed information about this vulnerability can be found on most major news feeds. Just search for “Heartbleed.”