Seldom do I endorse Internet and computer security alerts, but today a real concern surfaced.
The problem is being called the “SSL Heartbeat” vulnerability, and is caused by servers running out-of-date versions of OpenSSL. OpenSSL is a piece of server code that provides secure connections for transactions with banks, shopping sites and some email services.
Understand, this does not affect your personal Mac, iPhone or iPad. The problem has to be fixed at the other end, on the servers on the Internet that handle transactions for you. Websites like major banks, Apple, Amazon and Google appear to have been updated and are not vulnerable. Mostly it’s the small or poorly managed servers that you should be cautious of. If there is a site you need to use but are not sure about, there is a web tool for testing websites called Heartbeat Checker.
My recommendation to my clients is to check your bank’s website for notification that its security has been updated, then log in and change your password. You should also check any shopping site that you use, such as Amazon, eBay, PayPal, Sears, etc., and change your password once they are secure. Finally, change the passwords for your email, Facebook, Twitter, etc. And as always, write down your new passwords and store them in a secure location, or use a password-managing app like LastPass.
When I checked with a Mozilla IT security specialist that I trust, this was his response:
A key piece of SSL was revealed to have a 0-day vulnerability. So there is a possibility that your passwords may have been exposed in any online transaction. So in order to be safe rather than sorry, the recommendation is to reset your major passwords that you use to access LDAP, email, webpages, etc. We sent the email out to all Mozilla employees today.
More information can be found at the website Cult of Mac-Heartbeat Bug
L.A. Times: Internet users advised to change passwords