Heartbleed

[Paul McKeown]

Anyone aware of being affected?

What is the best way for an internet user to handle this?

Loads of passwords for loads of sites, hard to know which are vulnerable. I wouldn't dare dream of using internet banking until this was clearly sorted. Bit of an internet nightmare, but I suppose OpenSSL being holed under the waterline isn't the sort of thing that is easily explained in 30 seconds on the main news of the day.

Note that ecforum seems safe, good work, Carl.

[Carl Hibbard]

Anyone aware of being affected?

What is the best way for an internet user to handle this?

Loads of passwords for loads of sites, hard to know which are vulnerable. I wouldn't dare dream of using internet banking until this was clearly sorted. Bit of an internet nightmare, but I suppose OpenSSL being holed under the waterline isn't the sort of thing that is easily explained in 30 seconds on the main news of the day.

Note that ecforum seems safe, good work, Carl.

Not having SSL means we are not affected.

I would suggest resetting passwords on other major sites however especially if you never reset passwords or worse still use the same password in lots of places.

[John McKenna]

It was suggested last night that changing passwords on Google, Yahoo, etc. would be OK since the major sites will have fixed the 'bug'.
Smaller sites may take more time and so waiting a few days was recommended - as it is not a good idea to change passwords until the 'bug' has been fixed at those sites.

It has been said that domain names can be checked (to see if they have resolved the problem) at -

http://www.ssllabs.com

However, it was not obvious to me how to be sure it had been resolved when I tried a few names there.