Security Alert – Heartbleed 2

heartbleedI had wrongly advised before to simply change your passwords for services you find critical. What I should have said was to:

a) consult your online services and check if their services have been affected

b) if they have been affected check if they have implemented an update to handle the bug

c) after a patch or update has been implemented by the service providers change your password.

It is important that you change your password after the implementation of a fix, otherwise your new password would also be vulnerable.

Also since  services are sending out emails to inform of a fix and to change your password, it is likely that attackers will also send out fake emails for real services but with URLs of their own so as to get your credentials. So be aware of fake emails.

Leave a Reply




This site uses Akismet to reduce spam. Learn how your comment data is processed.