By now I am sure many of you have heard about a vulnerability affecting more than half of the web servers that handle secure online transactions (including, but not limited to, logging into websites where you supply a username and password, and sites where you make purchases). This is because many servers run an open source Secure Sockets Layer (SSL) package called OpenSSL. SSL software encrypts the connection between your device and the web server, so that the traffic cannot be decoded and exploited while in transit.
At EOS we run two servers that do SSL transactions, and neither of them is affected by Heartbleed. One runs completely different SSL software, and the other runs a version of OpenSSL that is not affected by Heartbleed (OpenSSL versions 1.0.1 and 1.0.2-beta are affected).
In any case, if you use the same username and password on multiple websites, you should check whether any websites you access on a regular basis were affected, and change your passwords accordingly. Note that some of the websites that were affected before the vulnerability was publicly disclosed are:
- Google (this would include YouTube and Gmail)
This probably encompasses most of the common web services people use. So best practice is to change your passwords, and to use a different password for each site or service. There are a good number of password management systems out there, such as 1Password, that will create complex passwords for each site and remember them for you across your devices. If anyone knows of similar software that they use and are happy with, by all means add a comment below.