What is Heartbleed?

You’ve probably read of Heartbleed in the past few days. It’s a very serious (up to 11) security problem on the internet. Information about this problem is changing daily, as is advice on how to deal with it. I’ve kept this article short and simple, but do follow the links below for more information.

If you read no further, just be aware that users of Google, Yahoo, Netflix, Facebook and Instagram (among many other companies) are very much affected by this — that’s how big it is.

Where is the problem?

The security problem exists on servers you connect to, and that mostly means websites you visit. Many websites have had security holes due to Heartbleed for years. These pages have long explanations of Heartbleed:

Some websites, companies and servers were never affected. Others have been fixed now. See this list for more information:

You can test a website yourself by going to this page and entering the URL of the website:

The problem isn’t only in websites, however. Other machines that connect to the internet are affected, including some Android phones.

What should I do?

  1. Change your password for every affected website, but only after those websites are fixed.
  2. Use a password manager app. I recommend 1Password.
  3. Make all your passwords strong and unique.

How do I know if a site’s been fixed?

See the links above. Contact the company directly. Some companies seem to be keeping quiet about this, but you shouldn’t be complacent.

Should I change my Apple ID password?

You don’t need to change your Apple ID password as a direct result of Heartbleed because iTunes and iCloud weren’t affected. But if your Apple ID password is the same as the password for another service that was affected, then yes, change it. Make it strong and unique.