OpenSSL's Heartbleed bug has made worldwide news this week, and for good reason: it compromised the security of a huge portion of the web (including TR). Because the bug potentially exposed passwords to prying eyes, many have called on users to update their passwords as soon as possible. But which passwords need updating? Which sites have yet to fix the bug, and which ones were never affected in the first place?
To help ease the confusion, the folks at Mashable have put together a handy, non-exhausitve list of major online services, including banks, and where they stand with respect to the Heartbleed bug. The list outlines whether a given site was affected, whether it's patched the hole, whether you should update your password, and any statement that service may have released about the issue.
I'm seeing a lot of "Yes" ticks in the "Do you need to change your password?" column for some major services, including Google, Yahoo, Facebook, Dropbox, GoDaddy, and
TurboTax. Even Minecraft users will need to update their passwords, Mashable says.
I guess I know what I'll be spending my evening on. If you're stumped for ideas, keep in mind that short sentences with punctuation can be more secure and much easier to remember than single words or cryptic alphanumeric sequences. Or, you know, you can always look up a password generator and use a password management service to keep track.
Update 4/11: Turns out TurboTax is not affected by the Heartbleed bug. A public statement by the company says users can update their passwords if they wish, but Intuit isn't "proactively advising [users] to do so." Mashable has also updated its story to reflect that point.