Catching up on my Pocket reads over the weekend, I recalled receiving several questions about which sites were affected by the Heartbleed bug. So, when I came across this awesome breakdown (complete with green checkmarks!) of the sites that have and have not been affected, plus this much geekier take on the topic, I thought others might find it useful.
The short story is, some big sites say they’re safe, no worries, while others have posted notices urging users to change their passwords immediately. Security geeks everywhere are on the verge of fist fights.
To reiterate a point a fellow developer made, not all sites have made the necessary updates. Because of this, filippo.io’s tool will help ensure you don’t update a password on a still-vulnerable site.
Note that any account not on the list, but for which you’ve reused a compromised password or password fragment, is vulnerable until its password is also updated. However, accounts you access exclusively through a compromised service, such as using Facebook or Google to log in, are fairly safe.
This is to emphasize that nothing’s 100% in security. In no uncertain terms, we’ve all been vulnerable to this bug for years, and no future security measure is likely to be 100% hack-proof either. So, the talk around Heartbleed is more about taking this opportunity to review our personal accounts to secure areas that may be compromised—even areas we think of as super-safe, like our bank accounts.
Anyone with a good share about Heartbleed, I’d love to read that, too. Leave a link in the comment section.
P.S. For the super geeky, here’s the long story, complete with stick figures and ad hominem attacks. Enjoy.