A flaw in the most popular web encryption system could leave people vulnerable to data theft, according to security researchers. That little padlock in the lower right corner of a browser window or the letters “https” in the address bar are supposed to mean that the site is encrypted, but the most popular method, called OpenSSL, has had a hole for at least two years.
The Heartbleed bug “allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software,” according to Codenomicon’s Heartbleed.com site, which added, “This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”
Test sites you visit
These tests aren’t 100% definitive. They are an indicator of whether the site you’re using is currently vulnerable, but they don’t indicate whether it may have been affected in the past. So even if the site you enter comes up clear, there is no guarantee that it wasn’t vulnerable earlier. Still, it’s worth checking the LastPass Heartbleed checker, Filippo Valsorda’s report and the Qualys SSL Labs report. CNET has posted a list of the Heartbleed status for the top 100 sites.
Is it time to change passwords?
Some experts are advising people to change their passwords right away, but others suggest that it’s better to wait until you know your site is clear, lest you simply give hackers access to the new password.