A serious vulnerability in several OpenSSL versions was publicly disclosed on Monday. Most major Linux distros have already incorporated the patched version of OpenSSL into their repositories, so make sure you go and upgrade all of your machines right now if you haven’t already. In some cases that might not be enough, and you should think about having all of your SSL certs reissued as well as having your users change their passwords. The discussion around the internet about this bug has been pretty interesting, so if you haven’t already heard about the bug, I suggest you check out the following links:
- The official announcement on heartbleed.com
- The discussions on the Stack Exchange sites, in particular this post on Super User
- How to Protect Yourself From the Heartbleed Bug
- List of affected sites on musalbas's GitHub
- Flaw Calls for Altering Passwords, Experts Say
Now get out there, patch your s*** and change your passwords! Give LastPass a try if you haven’t already; they’ve implemented a feature in their Security Check tool that will automatically warn you if one of the sites for which you have a password stored is affected by Heartbleed. Besides that, it’s a great tool for managing your passwords and a lot more.