As I’m sure most have heard by now, a critical vulnerability in the popular OpenSSL cryptography software was announced this week. Nicknamed the Heartbleed Bug, it affects most versions of OpenSSL and the widely used open-source web servers Apache and nginx. An estimated 66% of all websites were vulnerable to the bug. If you want to find out everything there is to know about Heartbleed, I encourage you to visit heartbleed.com. If you’re looking for the short version, I found this CommitStrip comic helpful:
Luckily, FreshAddress had only one system affected by Heartbleed, and it was one that didn’t contain sensitive information like usernames and passwords. This system has been patched and we have reissued SSL certificates for the affected service.
For every site where you use login credentials, be sure to check with that site to see whether it was vulnerable to Heartbleed. If it was, you should update your credentials (ONLY after the site has confirmed that it has patched the bug) with a strong password – choose something at least 8 characters long using a mix of upper and lowercase letters, as well as numbers and symbols. Also, if you use the same username and password for all of your sites holding valuable information, now is the perfect time to remedy that. A service I personally use and recommend to manage passwords is LastPass. LastPass also has a nifty tool to help you determine if sites you use are vulnerable: https://lastpass.com/heartbleed/.