
Friday, April 11, 2014

Info on the Heartbleed internet vulnerability


Here’s an even better link that gives more info when checking: https://lastpass.com/heartbleed/

It tells you whether the site HAS used the vulnerable OpenSSL module or not, and also whether they have repaired any problem.  It flat out tells you whether to go ahead and change your password, whether it’s not necessary, or whether to wait to change it.  THAT is a lot more friendly!  I got it via a techie group of which I’m a member on LinkedIn.

I’m sending this email as a reminder that a vulnerability called Heartbleed has WIDELY hit servers on the Internet and you likely need to take action to protect yourself.

Here is a link that describes the vulnerability and what to do about it: https://www.yahoo.com/tech/heres-what-you-need-to-know-about-the-heartbleed-bug-82120054478.html.  There is also a link to test a web site before using it, roughly midway down the page under “Who is affected”.  It is a good article on the compromise and words the information for the end user, not the techie.  HOWEVER, if you don’t want to read the article, here is the link:  https://www.ssllabs.com/ssltest/

For the “bottom line” on what is going on and what to do, I have borrowed some verbiage from a friend who works for McAfee security (thank you Marilyn!).  Here is part of the email she sent to her family, which I have updated with info on how to check a site’s security online if you prefer:
“I want to warn all of you of an internet vulnerability that you need to be aware of.  If you do anything on the internet with credit cards, banking, etc.  Anything where you have personal information and are signing on to a secured site, i.e. HTTPS, VPNs, email and IMs.

There is a vulnerability called heartbeat in which hackers can listen in on secured sites and capture your information.  This has been in the news and companies are actively remediating this problem.

What you need to do is in this order:
1. Do not conduct business on the internet until the site you use is secure.
2. Contact the sites you do business with to make sure they have remediated this problem.  The link to check it online is https://www.ssllabs.com/ssltest/.  You just enter the name of the site in question and it will show you whether the site passes or fails.  If you had rather NOT check online, there is usually a fraud number to call that should allow you to talk to an actual person.
3. Once the site has resolved this problem, sign in and change your password.

If you are technically inclined you can read more at http://heartbleed.com/

If you change your password BEFORE the site has been secured, you will need to change it AGAIN.


Any techies in the group who notice an error, PLEASE let me know!!  Thanks in advance!

Submitted by James Phillips