UPDATED: About two-thirds of the Internet’s web servers are running software which may have exposed your passwords or other sensitive (read, encrypted) information.
Make no mistake about it. The OpenSSL Heartbleed security hole is as serious for Internet security as a stage four cancer diagnosis would be for you.
– Steven J. Vaughan-Nichols
UPDATE 8:40 am Pacific
“Catastrophic” is the right word [for Heartbleed]. On the scale of 1 to 10, this is an 11.
Bruce Schneier
Heartbleed is still the number one story on Techmeme.
As I note in the Storify, all major sites running OpenSSL should have installed the patch by now, but I give you two ways to check a specific site.
You should change the password for any site where you feel like you would be at personal risk if the account were compromised.
Just because you haven’t received an email advising you to change a password doesn’t mean you aren’t at risk! Everyone is not sending customers alerts: Yahoo and Flickr (owned by Yahoo) had sent me nothing as of midnight Tuesday night. Both were among the major sites running the compromised software.
Known for gnawing at complex questions like a terrier with a bone. Digital evangelist, writer, teacher. Transplanted Southerner; teach newbies to ride motorcycles. @kegill (Twitter and Mastodon.social); wiredpen.com