The Heartbleed OpenSSL Vulnerability and Your Website

It has recently been discovered that a vulnerability in OpenSSL versions prior to 1.0.1g expose memory on affected systems allowing an attacker to steal user names and passwords and possibly other data.  If you run your own server you should update OpenSSL immediately if you haven’t already.  If you use a hosting service for your website you should contact them and find out if the server your site is hosted on is vulnerable or if it has been updated.  LastPass provides an online tool you can use to check a website for the Heartbleed vulnerability.

A number of major websites have reportedly been compromised by the Heartbleed vulnerability, including Yahoo, OKcupid and Bing.  If you have visited any of those sites or any others that may have been compromised, you should change your passwords immediately and clear your browser cache and cookies.  It is also a good idea to limit your web activity over the next week or so to allow enough time for affected systems to be updated.