If you follow these things or even if you don’t, you may be aware of a flurry of IT geeks telling you to reset your passwords.
It’s good advice.
Without getting too technical, why? Well, to make your online communications secure and not tell your passwords to the bad guys out there. Those same bad guys who would clean out your bank account. One of two major systems is used. One you may have heard of is Microsoft, and they are good, solid as a rock, as secure as you can get. The one you may not have heard of is “OpenSSL”. It has just been revealed that OpenSSL has been vulnerable (the issue has been called “Heartbleed”).
Unfortunately you don’t know which you are using: Microsoft OK, “OpenSSL” not so. We do know what we use and where, and it’s overwhelmingly Microsoft. So there is no need to change passwords when you are using Ava or our hosts Rackspace. In the one area where we do implement OpenVPN (and consequently OpenSSL), the version in use is not any of the versions which have the Heartbleed issue.
Elsewhere, please change your passwords!
There is a list of popular websites, showing whether they were affected and whether they have been fixed (safe to change your password), here
A list of the top 630 sites that have been or are vulnerable and the top 3687 that are not vulnerable
You can test individual sites here (example: Ava.co.uk); paste the following link into your browser. Unfortunately, at the time of writing, there is not a secure link to this test site:
More here: http://mashable.com/2014/04/09/heartbleed-nightmare/
Further to the above posts, the issue has been raised that it is (apparently) illegal under UK law to probe 3rd party sites for security purposes. So you should not "test" sites that you don't already have a relationship with.
Heartbleed health checking services may be illegal?