So, I’m not 100% on what the hell Heartbleed is, but I think it goes a little something like this: Change these passwords, NOW! Which ones? To start, Facebook, Tumblr, Google/Gmail, Yahoo/Yahoo Mail, Go Daddy, TurboTax, Dropbox, OkCupid, and SoundCloud.
Mashable has a great, detailed list. The above are the highlights. So, is it a big deal? Well, a computer-security expert the entire Internet is quoting (because it’s a good quote and is indebted to This is Spinal Tap) had this to say: “’Catastrophic’ is the right word. On the scale of 1 to 10, this is an 11.”
So what is it? Heartbleed is a major security bug that affects SSL encryption, which is basically how things get encrypted between a server and a client. You don’t need to know exactly what that means to be concerned.
From the Heartbleed website:
“The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).”
This is a bigger pain in the ass than I’d expected. I’ve never felt pressure to come up with so many new passwords! Oh yeah, please don’t use the same password for all your sites. It’s a smart bet to start using something like LastPass, which creates different, tough to crack passwords for all of the sites you sign in to, that you access via one master password. The idea is that passwords should look more like 56&89kl09#4 than like daiSey83, but it’s tough to keep track of unique, random passwords for every site that requires one. They’ve also been kind enough to offer the internet the LastPass Heartbleed checker, which you can use to check sites you use.
So, check your sites, change your passwords, and maybe even change up the way you’ve been handing passwords all together. Do it now.
Heartbleed noted that you may need to wait to change passwords if affected sites have not secured themselves when you change your password — your new password will still be vulnerable.
http://www.telegraph.co.uk/technology/internet-security/10756807/Heartbleed-bug-which-passwords-should-you-change.html
By Sophie Curtis11:50AM BST 10 Apr 2014
However, other security experts are advising consumers to wait, warning that if users change passwords while sites are still vulnerable, their new passwords will be exposed too.
They recommend that, before making any changes, users should check a site for an announcement that it has dealt with the issue. Alternatively, they can find out if a site is still vulnerable by copying and pasting the URL into this website.
http://filippo.io/Heartbleed/