I woke up and opened my emails at about 6am this morning, just to receive multiple emails from different companies (including IEEE) about the vulnerability discovered in the OpenSSL library called the Heartbleed bug. The vulnerability makes it possible for seemingly encrypted data to still be accessible over SSL/TLS security.
Over 66% of websites using OpenSSL were affected by this vulnerability, and I have confirmed that the following were affected:
While a fix has been issued and servers are patching up to close this loophole, internet users of the affected websites (and other websites in general) are advised to change their passwords right away.
Tips for Changing Your Password
IEEE suggests that one of the best ways to protect your privacy and security online is to craft a strong password, to change it frequently (at least once a quarter or every few months) and to not use the same password on multiple sites. Also, remember that no matter what website you are on, it is important for you to make sure that you protect your account security and privacy
Changing Your Password:
• Never change your password by following a link in an e-mail that you did not request, since those links might be compromised and redirect you to a site set up to steal your personal information.
• In order to be effective, you should aim to update your online account passwords at least once a quarter or every few months.
Creating a Strong Password:
• Variety – Do not use the same password on all the sites you visit.
• Do not use a word from the dictionary.
• Length – Select strong passwords with 10 or more characters that cannot easily be guessed.
• Think of a meaningful phrase, song or quote and turn it into a complex password using the first letter of each word.
• Complexity – Randomly add capital letters, numbers, punctuation, or symbols.
• Substitute numbers for letters that look similar (for example, substitute “0“ for “o” or “3“ for “E”).
• Never give your password to others or write it down.
A few other account security and privacy best practices to keep in mind are:
• Sign out of your account after you use a publicly shared computer.
• Avoid connecting to public Wi-Fi hotspots where the provider of the hotspot is unknown to you.
• Keep your antivirus software up to date.
• Report any privacy issues to relevant service or customer content centers.
SO WHAT ARE YOU WAITING FOR?!? GO CHANGE YOUR PASSWORDS!!!