There has been plenty of news about the Heartbleed bug this week. TidBITS did a great job summing it up. It appears something we all took for granted as really secure (Open SSL) really wasn’t. As users that means we’ve potentially been compromised at a lot of websites. I say “potentially” because there is really no way to log incursions due to the nature of this bug. That’s a little terrifying. So what should you be doing this weekend?
First take a look at this handy list from Mashable. If any of your vendors and online accounts show up as compromised AND fixed (that second part is important), log in and reset your password. If the site is compromised but not fixed yet, don’t log in. In that case, don’t touch it until it is fixed.
You all know how I’ll be updating my passwords, with 1Password, which was not compromised. As an aside, someone at Macworld/iWorld asked me why I always change my major passwords (banking, iTunes, Amazon, Dropbox, Paypal) twice a year. Things like this are why (although in fairness this bug is so bad that wouldn’t have saved me either).