Heartbleed – it gets worse…
Apparently, the NSA may have at least known of this bug for a long time, and you can bet your boots they’ve exploited it against someone. Given their propensity for reading the communications of all and sundry, I somehow doubt that only the ‘bad guys’* were targeted.
In any case, if the NSA knew about it, and the bug itself was hidden in plain site, you can take it for granted that someone else did. Which, if true, means that the NSA has worked to weaken all of our collective security, including the security of the country they’re meant to protect.
Meanwhile, lastpass have put up a useful tool to help with figuring out what passwords need to be changed and where. Because the important thing here is to change your password only after the affected service has both patched and updated their SSL certificates. Doing it before that means you’ll still be vulnerable.
Finally, some food for thought from Bill de hÓra …
Presented without comment http://t.co/zbn0ZqeD7t
— Bill de hÓra (@dehora) April 11, 2014
* insert your preferred bad guys here