Do end users need to do anything about the Heartbleed security bug? What?

I see in the news about the “Heartbleed” security bug. As an end user, do I need to do anything about it?


Yes!

  1. Know, and let others know, that all information that was encrypted only by HTTPS might have been revealed for many web servers around the world.
  2. You should contact your service providers and confirm that they have plans or have already taken the necessary steps to correct the vulnerability (presuming they were susceptible to it). This especially includes banks, financial institutions and other services that hold your most valuable and sensitive information. Until they have confirmed that they have applied the corrections, the information that they make available to you via HTTPS remains vulnerable.
  3. Your service providers might disable your previous passwords or otherwise require you to change them, but, if they don’t, change your passwords after they have applied the corrections.

You can find basic information at http://heartbleed.com/

More technical information is available from:

  • https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160

For those who aren’t end users, see this question on Server Fault:

  • Heartbleed: What is it and what are options to mitigate it?