There is a zero-day attack (meaning there was no patch) that allows attackers to bypass your encryption. Attackers can bypass your website’s security, as well as access all of the information you thought was “secure” at the websites you use – like banking sites.
What to do:
First: Ask your web application designer to patch OpenSSL if your site uses OpenSSL (about 85% do). Consider telling them to “get new keys” for your site in case your old keys are already stolen.
Second: Reset your passwords on the websites on which you care to keep your information secure. Know that the web site’s you’ve been visiting may have already been compromised, and will remain compromised until those sites fix the problem. Once they fix the problem, you need to reset your password again.
LastPass created a tool that will allow you to see if a site is susceptible to Heartbleed. Visit: LastPass
Websites, perhaps including yours, that use encryption, may be completely vulnerable. Attackers can access the “keys” that are used to securely lock your data during transit. Once the attacker has the keys, they can read sensitive data from your site and use the keys to bypass your protection. Without getting technical, this relates to sites that use the “s” as in https:\\websitename.com vs. sites that aren’t encrypted http:\\websitename.com
Additionally, until the websites that you visit apply their fixes too, your information will be vulnerable too. This includes shopping sites, banking sites, and other sites that you trust. Not only do the sites need to patch the security holes, they need to register for brand new “keys.”
Please post your comments below ….