Important Security Advice [UPDATED 2]
Posted: 09 Apr 2014, 16:16
As you may have heard in the media, a serious security flaw has been discovered in something called OpenSSL. SSL is typically indicated by the little padlock icon you may see when browsing some websites, showing that the information sent between your browser and the server at the other end is secure. OpenSSL is an "Open Source" implementation of SSL and is widely used on all sorts of devices, from smart TVs and NAS boxes to advanced networking equipment and many servers on the internet. The security flaw means that information that is exchanged using OpenSSL may not be secure and can be easily intercepted.
There have been many reports in the media today urging people to change their passwords for things like email, banking or for websites that retain your credit card information.
While changing your password is not a bad idea, it will lure people into a false sense of security, in that they will believe they are now secure. This is NOT the case. There is little point in changing your password, UNLESS THE SYSTEM YOU ARE CHANGING IT ON HAS BEEN FIXED. As the vulnerability has only recently been made public, there is no way all of the sites that are exposed to the vulnerability will have been updated to fix the issue. I would suggest that you minimise the number of websites or internet services that contain your personal information or card details, and then check these websites to see if they have the vulnerability using the tool below (or similar). If they have the vulnerability, contact the people responsible and ask them when they expect to have it fixed. After it has been fixed, then change your password. Alternatively, you could delete your information from such sites.
At the bottom of this article is a list of some services and whether or not they are vulnerable at present.
http://www.bbc.co.uk/news/technology-26971363
[EDIT] Sorry guys, I just re-read what I had said, and just to be clear: if the website you are using is not showing as being vulnerable, you SHOULD change your password, as it has either never had the vulnerability or HAS had it fixed. As there is no way to tell which of these is the case, it is better to play safe and change your password.
https://www.ssllabs.com/ssltest/
Please note: This is only an issue where the site uses SSL.