With the recent publicity on Heartbleed, thought the following would be of interest as a condensed explanation. Published by re/Code Daily, comments by Walt Mossberg, formerly the journalist for computer tech etc. at the Wall St Journal. Most important, should anyone have additional clarification or correction to the information below, please post.
Q. Reading about the “Heartbleed” security flaw leaves me confused. What can I as a consumer do to protect my data? Must I change all my passwords?
A. There’s very little any average consumer can do to ensure that her data is safe, because this extremely nasty security vulnerability directly affected servers of the websites you use, and not individual computers or other devices. Still, if hackers exploited it, experts say they could have stolen consumers’ passwords. Trouble is, even sites that now say they were affected can’t say for sure if anything was stolen.
The best thing to do is to wait until a site you frequent tells you it has patched the security hole, and then change your password. You can also check if a site is fixed or still vulnerable by typing its address into the online tool here, provided by the security company Qualys, which rates sites’ security by letter grade. If a site gets any variation of an A, I’d advise continuing to use it, but with a new password. If it gets anything less, I’d try and stay off of it for now and wait to change the password. (If you are an Apple user, the company says its operating systems and “key Web-based services” weren’t affected, but that doesn’t mean that sites you visit on Apple devices were unaffected.)
https://www.ssllabs.com/ssltest/index.html