Post by Greymuzzles on May 6, 2014 21:19:02 GMT 1
This is a little on the late side, and as a consequence I assume that most of you are already aware of the issue and how to protect yourselves from it, but I want to be absolutely certain that this is the case. As you may or may not know, a major SSL (the service used to encrypt a host of sites - particularly transaction and login pages) vulnerability referred to as 'Heartbleed' has recently been discovered, and it appears to be something that has existed for quite some time. Although I'm not in a position to provide a clear, detailed explanation of this vulnerability (explanatory links below), I can tell you that this vulnerability allowed people to hack into certain servers and obtain access to a host of information, including usernames and passwords. As a consequence I encourage all of you to read the provided information (links below), review your sites - particularly those used for online transactions - and determine if:
A: The site has checked its SSL for this vulnerability / previous exploitation of it
B: The site has acted to protect itself, and by extension you, against the vulnerability
If you determine that the site in question was vulnerable, and that the required fixes have been made, then the general consensus is that you should change your corresponding password to prevent further risk of attack. Note that this should be done on a site-by-site basis, and only after you have confirmed that the site in question has undertaken the appropriate action.
More Information
The Heartbleed Bug
In Plainer English
Protecting Yourself
Proboards' Status
Unaffected / Patched
A: The site has checked its SSL for this vulnerability / previous exploitation of it
B: The site has acted to protect itself, and by extension you, against the vulnerability
If you determine that the site in question was vulnerable, and that the required fixes have been made, then the general consensus is that you should change your corresponding password to prevent further risk of attack. Note that this should be done on a site-by-site basis, and only after you have confirmed that the site in question has undertaken the appropriate action.
More Information
The Heartbleed Bug
In Plainer English
Protecting Yourself
Proboards' Status
Unaffected / Patched