Earlier this week it was revealed that the Internet was hit by an encryption flaw called the Heartbleed bug.
The story quickly made its way into mainstream media because it’s a very serious flaw that most companies are addressing as quickly as possible. We’ve been carefully following the impact of Heartbleed across the web and monitoring the fallout.
The main takeaway for all web users is: don’t panic, but do take action. That action means changing your password on any affected sites, but only AFTER you’re sure the site has applied the Heartbleed patch. If you changed your passwords earlier this week before the patch was applied, you’ll need to change them one more time.
There’s been a lot of great coverage on Heartbleed this week and we’ve compiled a list of articles that are the most helpful:
If you want to check whether a site you use or host has been affected, Qualys has a free online service that performs a deep analysis of the configuration of any public SSL web server. Developers can find a code-level review of Heartbleed and links to tools for testing intranet sites on IOActive's blog.
Managing multiple passwords has never been a fun task for most of us. Given the number of passwords that need to be changed due to Heartbleed (you don’t use the same password everywhere, right?), you might want to check out a password manager. PC Magazine just put out a great article on the best password managers, and their number one recommendation is free.
At iovation, our own fraud prevention services have not been impacted by this vulnerability, since our load balancers do not use the OpenSSL implementation of the SSL protocol.
Stay safe out there!