Dollars BBS | News


Heartbleed bug found in OpenSSL (19)

1 Name: RollyPolly !!VbnYl8oi : 2014-04-09 11:13 ID:JG8PojkT

'A "serious vulnerability" has been found in the software that often encrypts your user name, password and banking information when you log into "secure" websites, as indicated by the little lock icon in your browser.

The "Heartbleed bug" has the potential to expose huge amounts of private data, including user names, passwords, credit card numbers and emails, since it was found in a popular version of OpenSSL software code. The code is used by over two-thirds of active websites on the internet to provide secure and private communications, reported a website set up by security researchers to provide information about the bug.'

This means all the data you send to affected servers (passwords, security information, etc.), which would previously have been protected by the OpenSSL software commonly used on the Internet, is visible to 'anyone on the Internet'. This affects previously secure sites with the 'https://' prefix to their address. Unfortunately, this problem is not fixable by users. The companies themselves must update their software to prevent the bug from being exploited. In the meantime, it is strongly advised to halt usage of sites that have been found vulnerable. Changing passwords is not enough, because if the site remains insecure, a hacker can still easily access the new password.

You can check if a site you use is still compromised with the tool on the Heartbleed website below.

Heartbleed site: http://heartbleed.com/

2 Post deleted by user.

3 Name: deanbbs 8718 : 2014-04-09 23:18 ID:X/NblvNv

The most simple thing to solve yet nobody may understand knowledge already their.

4 Name: deanbbs 8718 : 2014-04-09 23:19 ID:X/NblvNv

*there

5 Name: RollyPolly !!VbnYl8oi : 2014-04-10 09:58 ID:JG8PojkT

Just learned that hackers can now decrypt everything you've ever sent to the vulnerable service(s).

It's also been vulnerable for about 2 years.

Basically, stay up to date on when the affected companies have updated their software, and as soon as that happens change your password on that site.

6 Name: Asuka : 2014-04-12 01:42 ID:TF4WZ/Au

However many companies are securing biometric scanners in replacement of passwords to prevent further decryption

Decryption takes such a firm stand which might lead to the halt in using passwords

7 Name: Ao!I94GMMnlgM : 2014-04-22 07:54 ID:xkC+k+ah

The news in my area regarding this has died down a lot. Is this thing still something to worry about or

8 Name: Inuhakka !u4InuhakKA : 2014-04-22 08:21 ID:JG8PojkT

>>7 Yes.
Most, if not all affected sites have updated their certificates and keys by now, and patched their OpenSSL, but if you haven't changed your passwords, you are a sitting duck.

Any password you sent over the last 2 years was visible to any single person on the Internet that knew about the bug. Everybody then knew about the bug for the couple days after it was discovered and published, so if you used the Internet at all during that time, your passwords are almost certainly compromised.

Stop what you are doing and change every password you have, if you have not already done so. All of them are more likely than not compromised.

9 Name: Asuka : 2014-04-22 09:05 ID:Hjo0wA/H

>>8 changing passwords never work but having a vigilant alert security scanner might be able to capture the bugs one time appearance or find an app credible to protect these passwords

10 Name: Inuhakka !u4InuhakKA : 2014-04-22 10:15 ID:JG8PojkT

>>9 'changing passwords never work'
Please explain.

11 Name: Asuka : 2014-04-23 03:02 ID:Bs2s5Ke9

>>10 Sorry, I would phrase it in another way: even if you DO change passwords, most sites DON'T patch up their OpenSSL, they only allow the certain site to be alerted, and there is not only one loophole from OpenSSL that allows the heartbleed bug to hack into the account, therefore there is no total heartbleed bug prevention

When I changed passwords on a certain app which decides to tell me they patched it up already and somehow the "lookout heart bleed scanner app" thingy managed to capture a possible loophole!

The news in my country said that there was hardly a proper solution

That's what I know of it at least, if there's any problem with my statement, I apologise

12 Name: Inuhakka !u4InuhakKA : 2014-04-23 07:18 ID:MZeALcIG

>>11 The bug has been published, so it's very unlikely a site hasn't patched their OpenSSL. If you are talking about LastPass, all of my sites were patched, but it is possible there are sites that aren't. However, changing passwords is the only thing an end user can do right now. Yes, it would be best to research the individual sites and find out if their OpenSSL has definitely been patched or not, but most people won't do that, and at this point it is very likely that affected sites have already taken steps. Most sites did that on the first day.

It's only one bug that allows attackers to trick the affected server into giving up 64K of random text in its memory, including keys used to encrypt passwords. There may be other bugs, but let's be honest, there are always other bugs.

Basically, it might not be the end-all solution to this problem, but it is the best thing for a user to do right now.

13 Name: Ao!I94GMMnlgM : 2014-04-25 11:33 ID:xkC+k+ah

14 Name: Tri-Edge : 2014-04-27 15:08 ID:v7DWJQWs

Issue has been solved by last Monday, though it's recommended people change their passwords from all sites infected (which was pretty much every site). Reason being is because even if the bug has been patched and etc. your password is still out there to look at because it's still under the open content. This is just a recommendation, it's not a need to do so but for those who want to keep the same passwords be wary of the danger.

15 Name: Inuhakka !u4InuhakKA : 2014-04-27 16:58 ID:MZcL++EN

>>14 'it's not a need to do so'

I would say it's a need.
If you know someone else has your password, hashed or not, I think it's a pretty significant need to change it.

16 Name: anon : 2014-04-28 09:23 ID:YIGEqwge

Good to know :) My account on a site was hacked once and it nearly ruined many of my relationships, don't want to go through that hell again. Changed my password on that site though so it's good.

17 Name: Tri-Edge : 2014-04-28 18:53 ID:v7DWJQWs

>>15 I agree, I was just stating that because... well people can be stingy and stubborn with their stuff. Believe me, I know a few people who are too stubborn to change their passwords even with my warnings. I probably should have put a highly recommended tag or something, but I'm not going to right up tell people "Yo bro! Change your password or else you're gonna get hacked!" XD I mean the warning is there, heed or don't. But be prepared for the consequences. I didn't mean any offense if this is read that way.

18 Name: Inuhakka !u4InuhakKA : 2014-04-28 19:30 ID:MZcL++EN

>>17 I have also experienced this first-hand. It's bad enough when they won't change their passwords they've had since grade school, but they won't when their password has almost certainly been compromised? They don't deserve to have any security anyways.

I did not take offense, no worries, I was only confused. However, it seems you are a little more professional than I am. I would certainly use scare tactics if it got them to change it. No one I know takes this kind of stuff seriously or even knows about it.

I guess we'll just have to wait until someone important gets their account stolen for others to take any action.

19 Name: Tri-Edge : 2014-04-30 18:22 ID:v7DWJQWs

>>18 I'm sure plenty have already, maybe unreported or unheard by the mass media. Though can't expect the whole world to do it without a moment's hesitation, as the modern day civilian doesn't go look up these things, however news spreads fast. One way or another, people will change their passwords to prevent such takeovers. All I can really do is inform those who I know, and offer advice.