
Ryan Berg

As many of you are already well aware, there has been a serious flaw in OpenSSL, a foundational open source library used for SSL encryption. There are plenty of places to get more information, but if you haven’t at least read http://heartbleed.com/, you can start there.

We all have accounts at a lot of different places, some more critical than others (Salesforce, Expensify, home banking, etc.). I would highly recommend that you take the time today to take measure of the passwords you use and where you use them. If you have a Yahoo password that is shared among many accounts, it is safer to assume it has been breached.

I for one have been systematically changing my passwords and recommending that friends and family do the same. The unfortunate thing about this attack is that it has been around for years, and there is already evidence that it has been active in the underground before the public release. With this in hand, I would highly recommend you change your passwords today (and for the truly paranoid it is always a good idea to rotate passwords; I rotate mine for critical sites every 90 days).

There are plenty of password locker applications available for those of you who don’t have a scheme for remembering passwords (and I am sure nobody uses the same password at multiple sites). If you are using a Mac, Keychain works great, but I also use pwSafe for my iPhone and iPad.

– Ryan Berg