To quote Tumblr, "This might be a good day to call in sick and take some time to change your passwords EVERYWHERE -- especially your high-security services like email, file storage, and banking, which may have been compromised by this bug".
Heartbleed is a bug in the security software that was supposed to make the “S” in "HTTPS://" secure. Some are saying the buggy version of the software is in use in 60% of the internet. It has been out there for two years but was only discovered this week.
That is, it was only discovered this week by anyone in whose interest it was to disclose the discovery. It is entirely possible others have know about, and have been exploiting the bug since it came into existence in 2012.
Are you affected?
It’s hard to say. The experts are still trying to assess all that. The Canadian banks say all is well and don’t be afraid to use their on-line banking but the CRA has shut down their website in the middle of tax season to assess the situation (http://business.financialpost.com/2014/04/09/cra-shuts-down-website-during-tax-filing-season-as-heartbleed-bug-exposes-serious-flaws-in-online-security/?__lsa=9254-8b6e).
What should you do?
Change all your passwords (and don’t forget to make them long . . . like 18 characters if you can). If the site your password is on WAS affected, the potential is there for it to have been secretly stolen. If that site is now patched, a new password “should” be secure again.
Want more information about Heartbleed?
Visit http://heartbleed.com/
Want to see a list of popular sites that might have been affected?
Visit https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt
Want to test a site?
Try this tool: http://filippo.io/Heartbleed/
And as always, if you want our advice, just give us a call: (613) 967-9648.
