Most software vendors and service providers recognized the serious nature of this bug and updated their software, so getting the fix is usually the easy part. The biggest problem is trying to determine whether your information has been compromised. You can’t! Attacks leave little or no trace on the computers that gave up their private secrets. This bug has been out in the wild for 2 years! Maybe nobody found it and took advantage, OR somebody did and has all our passwords. N.S.A., is that you? The actual risk is probably somewhere in between those extremes.
Most security experts are recommending that we change all our passwords and replace all of our SSL certificates. At the very least, change the password on your bank account log-in, but you probably don’t need to change your Facebook password (everybody has all that info). And definitely change your password if you use one password for everything. Yeah, it is hard to remember all of them, but you can let your computer do the remembering. Start using a password safe like KeePass or KeePassX to create long, secure passwords and store them on your system in an encrypted file, protected by the one password that you have to remember.
More info about Heartbleed Bug:
- United States Computer Emergency Readiness Team (US-CERT) notice
- Carnegie Mellon Software Engineering Institute Vulnerability Note VU#720951
- N.S.A. Campaign Against Encryption
- Heartbleed.com: A bug with its own website!