Today's news about the Heartbleed bug means that many websites you use (up to two-thirds of the Web, reports The New York Times) have been more vulnerable to hackers than anyone thought.
It’s not known how many sites may have been compromised. Most consumers should play it safe by following the advice of the security expert Tom Brennan, Vice Chairman of Open Web Application Security Foundation. “You should change passwords immediately, especially for services where privacy or security are a major concern,” he told Consumer Reports.
Given what is known about the Heartbleed bug so far—that it had gone undetected for as long as years—it’s also prudent to check the balances and transactions in your checking, savings, and other financial accounts. But don't panic. There's no concrete evidence yet that many sites or consumers have suffered as a result of the bug.
Amazon has said that its systems aren't vulnerable to Heartbleed. Google and Yahoo have said that they have remedied the bug on their key services.
The security and cryptography expert Filippo Valsorda has created this website where you can find out if a site you use is vulnerable to Heartbleed, although we haven’t tested this tool.
We'll have more on Heartbleed as information becomes available.
—Jeff Fox
Consumer Reports has no relationship with any advertisers or sponsors on this website. Copyright © 2007-2013 Consumers Union of U.S.
