This is really serious and everyone should be aware of the implications.
Heartbleed is the sort of flaw that gives systems admins huge nightmares.
On vulnerable websites there is a significant possibility that your passwords have been revealed to hackers making use of the bug. Worse than that, if a site has been compromised there is no evidence!
It would be good practice to change all the passwords you use on the internet. Now.
…unless you have evidence that the services you use are not part of the problem.
At Cloud Genius, we have performed a full review of the services we use.
- Services to back up websites/update plug-ins. For clients that subscribe to this services one was not vulnerable, the other service has been secured and we have taken steps necessary to prevent any problems. No action required on your part.
- Website hosting – our provider has informed us that they are vulnerable. Until they update all their systems you may wish to change the password on your account at http://webhost.cloud-genius.com. Once their patching process is complete you should change your password again on the account. We will endeavour to let you know when this is.
- Paypal – our understanding is that Paypal is not affected.
- Teamviewer – our remote control solution of choice is not affected.
- Salesforce – To the best of our knowledge is not affected.
- LastPass – our password management software of choice is not affected. (And helped a lot in fixing services that were affected.)
Here is a list of other networks that were affected – these include people like Google, Yahoo and many others.
This is really serious. Make sure you are not caught out!
One positive – LastPass was able to scan all the services we use, list the affected services and make password changing a doodle! Highly recommended… and much more secure than any other system we have come across.