By now you have likely heard of a vulnerability with OpenSSL that has been dubbed Heartbleed.  This vulnerability can allow an attacker to remotely gain access to sensitive information on services that use vulnerable versions of OpenSSL.  We did a self assessment here at Shavlik and we can confirm for our customers that Shavlik Products and Webservices are NOT vulnerable to this issue.  Yay!

Now, that being said, what does this mean for you on a personal level?  How does this affect your bankbrokerage sites, the social media sites you use, pretty much any web site or service you login to?  Check out this list which covers a lot of the big names you will be concerned about.  Good news is the major banks and brokerages are covered (collective sigh of relief).  Facebook and Gmail were exposed, but have since plugged the vulnerability.  You should change your Facebook password to be safe, but Google is standing firm and confident in their speed to plug to gap and suggest that their users should not have to.  Use your discretion there.

Also remember your kids.  Got some snapchatters in the family?  DON'T CLICK THE SMOOTHIE NO MATTER HOW GOOD IT LOOKS!!! If you did, or if your friends are getting smoothie related pictures from you, change your password.  Snapchat has reportedly made some changes to secure accounts, but better to be safe than sorry.

If you are not sure of sites or services you use and they are not on the list above the best methods to find out if they are exposed it to Google the productservice + heartbleed (pretty much everybody is talking about this) or use one of these sites to test the site or service you are concerned about.

For those of you running a known vulnerable version of OpenSSL there is guidance on a workaround and a patch available.  Check out the page for full details about the bug, affected versions, workarounds, and more.