The “Heartbleed” Bug

Posted on by

The Heartbleed Bug has created vulnerabilities in about 66% of all internet online servers, including major sites like Yahoo. On a scale of 1 to 10, this is an 11 according to security experts. The odds are good that one of the sites you have logged in to has been affected, exposing your personal information (name, user name, password, credit card information etc.).

To make matters worse, there is almost no way to know which web sited have been accessed and which account information has been accessed.  Be sure to check banks, financial service providers, e-mail providers, and social media sites first to see if they are vulnerable to the Heartbleed Bug. There are sites linked below that will let you do this.

To protect yourself and your personal data, you should change your passwords AFTER the affected sites you have visited have had time to fix the vulnerability.

Yahoo, Flickr, Tumblr, Imgur, and OKCupid, are just a few of the sites that have been vulnerable but have been fixed by now. If your site was vulnerable and has now been fixed, you still need to change your passwords.

Yahoo has fixed the following sites so it is now ok to change the passwords you have used at these sites: Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr and Tumblr.

Links to lists of some other vulnerable sites are below.

More Information

Here are some sites with more information about Heartbleed and what you should do to protect yourself.

Business Insider: Heartbleed Bug Explained

CNET: Heartbleed Bug Undoes Encrytption and Reveals User Passwords

PC World: The Heartbleed Bug Users Guide

Site Pro News: Protection From the Heartbleed Bug

Test Sites

These sites will let you test the web sites you “Log In” to (like your bank, e-mail provider, financial services sites, social media, etc.) to see if they are safe from the Heartbleed bug. If you get indeterminate results from one test site, try another test site.  For the most important sites you use (like your bank) it would be worth checking it out with more than one of these test sites.

https://www.ssllabs.com/ssltest/index.html

http://filippo.io/Heartbleed/

https://lastpass.com/heartbleed/

Lists of Vulnerable Sites

GitHub: List of some vulnerable (and not vulnerable) sites as of April 8, 1200 UTC. The vulnerability of some of these sites may now be fixed.

Tumblr: List of sites that are or have been vulnerable