Saturday, 19 April 2014

Heartbleed - Are your sites vulnerable?

There is a lot of conflicting information about the possible causes and effects of this exploit, and the best way to deal with it. Unfortunatletly there is no simple answer because a site may claim it is not effected because they upgraded last week, etc, but how about if you had an account since last year, before they patched, and you have not recently changed your password, or if they are effected, and yet to patch, what then? You could change all your passwords for everythng right now and then find you have to do the same thing again when you are sure that the dust has settled. You could also be foolish enough to use the same password for several sites and because you re-use your password on a safe site, somebody could still compromise this account because they know your password from another site that has already been compromised?

As if the situation was not complicated enough you also need to be sure that any effected site has also renewed their certificates after patching, otherwise they are still vulnerable!

One simple thing you can do right away is to see if the sites you use the most are on the list of effected sites:

No comments:

Post a Comment