Big fuss doing the rounds over the Heartbleed bug. Google it. Every man and his dog1 is saying it is really bad and offering advice which basically says change your passwords oh and btw it might not make sense to change it yet because your specific service might not have patched their SSL.
Now this is the problem. I have 75 sets of credentials for accessing online services. Each one has a complex and unique password. It’s going to take hours to change them all.
A few are more important than others, Google and banking for example. I checked Lloyds Bank. There are no notifications on their website. No advice. No words of comfort saying “don’t worry Tref you are ok son”. Now I can’t believe that a bank like Lloyds with presumably a huge security team hasn’t got it covered.
I checked them using LastPass and got the message “A Server header was not reported, you should assume this site could be vulnerable.” Now this may be because the site is vulnerable or it may be that Lloyds has its website nailed down so that services such as LastPass can’t ping it for information. Not being an expert in this field I don’t know.
Maybe I don’t need to worry about it anyway. Lloyds uses 2 factor authentication. Is that affected? Hmm. No idea.
I read about tech so picked up the Heartbleed story. My dad doesn’t read this stuff. He is 80. He reads the sports pages, the political news and, oh I don’t know, headlines from 1956. Anything really but not news about Heartbleed. Yeeeeoooooooowwwwnggg – right over his head. He probably doesn’t even know most passwords he has created. Probably a majority of the population will be in the same boat.
A lot of people out there will be oblivious to Heartbleed, oblivious to whether their services are affected and oblivious as to whether they need to do anything about it. What’s to do?
I’d envisage each of the 75 services I have an username and password with will be wanting to send me an email advising me of a course of action. Not received one yet…
Other security related posts:
Who sells your contact information?
2 Could be Bonzo