Passwords vulnerable after security flaw found

"SAN FRANCISCO (AP) — An alarming lapse in Internet security has exposed millions of passwords, credit card numbers and other sensitive bits of information to potential theft by computer hackers who may have been secretly exploiting the problem before its discovery.

The breakdown revealed this week affects the encryption technology that is supposed to protect online accounts for emails, instant messaging and a wide range of electronic commerce.

Security researchers who uncovered the threat, known as "Heartbleed," are particularly worried about the breach because it went undetected for more than two years............

http://www.usatoday.com/story/tech/2014/04/08/passwords-vulnerable-after-security-flaw-found/7486623/

"Three questions about the 'Heartbleed' bug":

http://www.usatoday.com/story/tech/2014/04/09/heartbleed-five-questions/7501033/

Most major things are patched by now as insiders in the bus find out before it is announced to the world. In other words ask your bank if they have patched bet answer is yes. Still CG is right on posting this so folks are aware of this major security breech.
Z

Again, it is about taking ownership and not expecting someone else to do things for you. We are in the process of changing every single password each of us has and using a more complex formula to assign different passwords to each and every account.

The following article explains Heartbleed and provides a listing of various site & services that may be affected:
http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/?cid=146326&ctst=1

Even though I don't use McAfee, I did receive notice and some recommendations on what to do:
"Reset your password for every online service affected by Heartbleed. But beware: you should only change your password after the afflicted business has fixed its servers to remove the Heartbleed vulnerability. Changing your passwords before a company's servers are updated will not protect your credentials from being leaked."

Here is a list of sites that have been patched so you should change passwords. It is updated as they hear from more sites:

http://money.cnn.com/2014/04/10/technology/security/heartbleed-passwords/index.html?hpt=hp_t3

"Heartbleed is about to get worse, and it will slow the Internet to a crawl":

"Efforts to fix the notorious Heartbleed bug threaten to cause major disruptions to the Internet over the next several weeks as companies scramble to repair encryption systems on hundreds of thousands of Web sites at the same time, security experts say.

Estimates of the severity of the bug’s damage have mounted almost daily since researchers announced the discovery of Heartbleed last week. What initially seemed like an inconvenient matter of changing passwords for protection now appears much more serious. New revelations suggest that skilled hackers can use the bug to create fake Web sites that mimic legitimate ones to trick consumers into handing over valuable personal information.

The sheer scale of the work required to fix this aspect of the bug — which makes it possible to steal the “security certificates” that verify that a Web site is authentic — could overwhelm the systems designed to keep the Internet trustworthy............

http://www.washingtonpost.com/blogs/the-switch/wp/2014/04/14/heartbleed-is-about-to-get-worse-and-it-will-slow-the-internet-to-a-crawl/?wpisrc=nl_eve

"Authorities in Canada have made what appears to be the first arrest related to the Heartbleed encryption bug that pushed millions of people to change their passwords, taking a teenager into custody this week for allegedly hacking into the country's tax agency website"................

http://time.com/66140/heartbleed-canada-arrest/