SEE UPDATE BELOW. THIS LINK FROM NYT IS BEING QUESTIONED AS NOT RELIABLE.
The New York Times has published an article about the Heartbleed Security Flaw with a link to a site where you can check if any website has been "upgraded to patch the problem."
Just type in the box, e.g., Paypal. com, or 'Big Bank.com', etc. and it will search and let you know if it has been unaffected and/or fixed. It is useful to see where various websites stand in this regard.
If this information is reliable it is very helpful
Found this whole article, Q. and A. on Heartbleed: A Flaw Missed by the Masses, very helpful. It clearly explains what the Heartbleed problem is to those of us who are not very computer literate and gives concrete suggestions in a Q&A format:
Q.
What should everyone do?
A.
There are two things I recommend. There are some sites where you can check if the websites have been upgraded to patch the problem. First check your site to make sure it’s been patched. If it has been patched, then go ahead and log in and change your password. If you change your password and the site hasn’t been patched, then you’re giving a hacker a new password.
Q.
What about credit card numbers and other information you might have entered online?
A.
That’s a good point: Any data that you sent — whatever you’ve typed into a computer that’s gone to somewhere else — is at risk, like your Social Security, bank account and credit card numbers. The hacker could have gained access to anything.
But I’d say that the first line would be start with your password and work your way backward from there. Start monitoring credit card statements, and if you see suspicious activity, call the bank.
I would be interested in any feedback from our resident computer geeks as to the value of this article and link.
You might be interested in this search:
Go!
All good, www.dailykos.com seems fixed or unaffected!
Chuckle! Chuckle!
UPDATE:
Another way to check on affected sites:
ht/ terremoto:
"For those who use LastPass password manager, running Security Check will show affected sites."
UPDATE TWO:
Wilderness Voice cautions that the above link to check websites may not be reliable.
h/t wilderness voice:
need to put this right up front the site linked in the diary does not reliably tell you if a website is insecure. I tried it for a particular website and got half a dozen indications all was ok before a definitive fail. Here is a better, but not perfect, site: LastPass Heartbleed checker
I have also diaried this problem here: Major Internet Security Bug Found..
UPDATE THREE
h/t LeftyAce
http://arstechnica.com/...
"People who are truly security conscious may want to change passwords a second time if they notice a patched site later updates its digital certificate."
There does seem to be some disagreement whether the key compromise is a serious issue:
http://www.cnet.com/...
In the cnet link, one research team states that they were able to compromise their own keys. Another says they did not see keys. Given that information, I'll be checking that the certificates are re-issued before bothering to change my password.
Here are instructions on viewing certificates:
http://www.ehow.com/...
>
.