Heartbleed Security Flaw and What You Need to Do: Now and Later

As you may have read, a major flaw in a key aspect of overall Internet security has been discovered in the last couple of days. It affects the vast majority of Internet websites. Usernames and passwords may have been stolen. The nature of this particular flaw makes it impossible for anyone to know whether or not an actual theft of information has occurred. This flaw is known as the Heartbleed or SSL bug.

Although a software fix has been issued every website affected by this bug needs to take its own actions to update their software in order to close the breach. You probably will begin to receive emails from websites with whom you do business, advising you that they have upgraded their software.

According to the New York Times:

"Security researchers say it is most important for people to change passwords to sensitive accounts like their online banking, email, file storage and e-commerce accounts, after first making sure that the website involved has addressed the security gap."

Although a pain, it will be a good idea to change all passwords in the near future. If you are not already using a secure password management application on your computer and smart devices, now is an excellent time to consider doing so. I always recommend 1Password.

Again, it is advised at this time to wait and be sure a website has updated itself with regard to the "Heartbleed" or "SSL" bug before changing your password. Look for the e-mail notifications (check your spam folders) or be proactive and visit your key sites to see if they have posted an announcement.

Here is a website that you can use to see if a particular website has been fixed. (I can't swear to it's accuracy, but it is a very helpful site.)

If you are the curious type, here is the official heartbleed.com website offering all kinds of who, what, where when, why and what nexts.