Handling Heartbleed: Getting Informed
Consumers are now bombarded daily with warnings about Internet threats. It becomes difficult to know which ones to listen to, especially when many are fraud attempts themselves and others are overblown marketing gimmicks. Many, unfortunately, are very real and require our attention.
When somewhat vague reports of a security flaw impacting "most of the Internet" came to light in the last 48 hours, many certainly tuned out, but even for those who took notice it was difficult to understand what could be done. The "Heartbleed" bug impacts the Secure Sockets Layer (SSL) package which is used to protect web communications. Basically, anyone using the web for transactions (which is almost EVERYONE) is vulnerable to some extent. However, this is not a "virus" or exploit on your computer, nor is it a mass phishing attack. The problem exists on the provider or vendor end of web communication. Unlike many other threats, which rely on client-side vulnerabilities (the user's environment), this one is beyond the consumer's control. There are no upgrades or fixes available to the user to address it. The consumer has been told, mostly through rumor, either to change passwords or not to change passwords for a "few days." This is not effective communication for addressing the issue.
Part of the problem is that the fix depends on the service-side provider or vendor upgrading their SSL package. If they have done it, then change your password. If they have NOT done it, don't change your password, because a new password sent to an unpatched service is exposed to the same flaw, and maybe don't even use the service. Also, consider going directly to the source and asking the services themselves, for example Yahoo, Facebook, or your bank. Digital Citizens is staying on top of this story and will be providing more meaningful information with regular updates!