Heartbleed bug – what you should do NOW

The Heartbleed bug is serious. Disclosed less than two days ago, the Heartbleed bug has sent sites and services across the Internet into patch mode.

For an in-depth explanation of what exactly Heartbleed is, and what it does, read this post by CNET’s Stephen Shankland. In essence, the bug potentially exposed your username and password on sites like Facebook, Google, Pinterest, and more.

The Canadian banks report their sites were not vulnerable, though the federal government is. For that reason, Revenue Canada has disabled their system including all efiling of taxes. If you are late filing because of this, there will not be a penalty.

GO TO ALL YOUR SECURE ACCOUNTS, EMAIL, OTHER SERVICES ON THE LIST BELOW, AND CHANGE YOUR PASSWORDS.
Use passwords that are longer than 8 characters, contain upper and lower case, numbers and symbols (such as ! * etc). You can choose one good password and alter it for each site. DO NOT leave your passwords written near your computer. I recommend the use of Lastpass (www.lastpass.com) as a safe, free, secure password manager. I use it myself.
The following list is being updated often by CNET. Check the latest list for status of websites at
Site Qualys Confirmation from site
Google Pass Vulnerability patched. Password change recommended
Facebook Pass Vulnerability patched. Password change recommended
YouTube Pass Vulnerability patched. Password change recommended
Yahoo! Pass Vulnerability patched. Password change recommended
Amazon Pass Was not vulnerable
Wikipedia Pass Vulnerability patched. Password change recommended
LinkedIn Pass Was not vulnerable
eBay Pass Was not vulnerable
Twitter Pass Was not vulnerable
Craigslist Pass Awaiting response
Bing Pass Vulnerability patched. Password change recommended
Pinterest Pass Awaiting response
Software running at NCF was not vulnerable to the bug.

As always, let us know if you have questions or concerns.

Updates: You can also check this site for passwords that need changing now: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

You’re going to see all kinds of e-mails soon about magic solutions to all your Heartbleed problems. They’ll probably all be spam either bearing malware or pointing you to sites that contain malware. There’s no quick fix for Heartbleed.