View Single Post
chas_m

 
chas_m's Avatar
 
Member Since: Jan 22, 2010
Location: Victoria, BC
Posts: 17,027
chas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond repute
Mac Specs: 2012 MBP, Black speakers, Black Benq second monitor, black(ish) iPhone 5s, Black 2012 iPad, etc.

chas_m is offline
Now that a few days have passed, some dust has settled and things seem clearer.

The OpenSSL bug allowed attackers who were monitoring a site to "see" the contents of RAM for a while after you've input login credentials. That's a serious flaw, but your risk of this happening to you individually seems, to me, pretty low.

Mashable has a list of "sites where you should change your password" such as Yahoo (ie, they have patched the issue but were using OpenSSL and thus your password MIGHT have been compromised. Maybe. Possibly.)

Banks (and Apple, and Microsoft) don't use OpenSSL, so its a non-issue with them (as you can see from the Mashable page).

If you use iCloud keychain or 1Password or a program like that, this is an excellent opportunity to change your password from something old and weak to something new and strong. Take advantage of that.
QUOTE Thanks