Help me understand this whole Heartbleed security bug thing

Discussion in 'Community Discussion' started by GanChan, Apr 8, 2014.

  1. GanChan macrumors 6502a

    Jun 21, 2005
    According to this article:

    ...I'm advised to wait until all my banking institutions, etc. announce that they have fixed the encryption glitch before I change my passwords, because doing it now on a non-secure site would be mega-dumb. Right?

    Problem is, I'm not seeing anyone making any such announcements that they've done anything to plug the hole yet. So how long can I safely wait to change my passwords?

    Not sure how to handle this.
  2. Garsun macrumors regular


    Oct 20, 2009
    The email server I use "MyKolab" just let me know that thay have been fixed.
    So there's one..... I have not seen anyone else I use announce anything yet:(
  3. Nermal, Apr 9, 2014
    Last edited: Apr 9, 2014

    Nermal Moderator


    Staff Member

    Dec 7, 2002
    New Zealand
    You can use this checker to see whether a site is affected. Note that a "pass" does not guarantee that it's safe to reset your password as it's up to the site owner to revoke all existing certificates. If the server has been updated but the "broken" certificates are still out there then there's still a problem.
  4. Prof. macrumors 601


    Aug 17, 2007
    So how will we know when it's safe to change all our passwords?:confused:
  5. SilentPanda Moderator emeritus


    Oct 8, 2002
    The Bamboo Forest
    Google the site name along with heartbleed to see if anybody else has asked and found out, otherwise contact the site directly.

Share This Page