Earlier this week a severe security flaw was found in software used by almost two thirds of all websites. Ironically, the security flaw was in the popular security layer OpenSSL which is supposed to protect data you send from your computer over the web to the website.
When you see a web address that has an “S” at the end of the http that means they’re using a security layer. Banks, retail sites, online services like Google, Facebook and Tumblr all use it. And many of them use the OpenSSL version.
The flaw basically makes it possible for hackers to get your password and other personal information from your accounts. We can be grateful that two “white hat” hackers found this and got the word out right away.
Major sites should have notified you by now if they were using this software with advice on what to do. If they patched it right away, the best thing to do is go to the website directly to change your password and security questions. DO NOT click on any links in emails as the phishing people are already out in force sending emails that look like they’re from the real site, but they’re not.
If you have not received a notice, it’s best to stay away from sites until you know they’re safe. Luckily, there are several reputable sites that will let you check to see if a website has installed the patch for this flaw. Again, fake “check” sites are all over the place. If you’re asked to enter anything but a website address, it’s fake. Here are some recommended sites to check below. I found checking just these two were most reliable.
Two notes – check both these sites as the updates are variable on each so one may be a bit behind. And the site you’re checking must have a URL/web address that begins with https. Standard sites, like maybe your company website, normally don’t use a security layer and will begin with http://.
If the site you’ve checked passes, it should be safe to go there to change your password/security settings. If not, don’t go to the website to make any security changes until you hear from the company. If you must log into the site for some reason, call/contact the company. Or use social media. I’ve found that a Tweet or Facebook post can get a faster response! Hopefully they’re working on it.