Help me understand this whole Heartbleed security bug thing

GanChan

macrumors 6502a
Original poster
Jun 21, 2005
590
24
According to this article:

...I'm advised to wait until all my banking institutions, etc. announce that they have fixed the encryption glitch before I change my passwords, because doing it now on a non-secure site would be mega-dumb. Right?

Problem is, I'm not seeing anyone making any such announcements that they've done anything to plug the hole yet. So how long can I safely wait to change my passwords?

Not sure how to handle this.
 

Garsun

macrumors regular
Oct 20, 2009
177
175
The email server I use "MyKolab" just let me know that thay have been fixed.
So there's one..... I have not seen anyone else I use announce anything yet:(
 

Nermal

Moderator
Staff member
Dec 7, 2002
18,690
1,185
New Zealand
You can use this checker to see whether a site is affected. Note that a "pass" does not guarantee that it's safe to reset your password as it's up to the site owner to revoke all existing certificates. If the server has been updated but the "broken" certificates are still out there then there's still a problem.
 
Last edited: