What is heartbleed?
The heartbleed flaw is a bug that has been discovered in the heartbeat extension of OpenSSL. This is why it’s called ‘heartbleed’. OpenSSL is one of the most popular ways used to encrypt traffic on the Internet. It is used by social sites, company websites, online shopping and e-commerce sites, sites you might install software from and even Government sites to help protect privacy and transactions.
The heartbleed bug basically allows an attacker to read a secure connection as if it were insecure. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
How does it impact me?
Your usernames, passwords and personal information sent across the internet may have been compromised if you have used a website, company or government whose OpenSSL software was vulnerable.
Is Veda safe?
Veda’s externally accessible sites are protected. Due to the way Veda systems are networked Veda is by and large unaffected. Veda takes the security of our information very seriously and we are continually monitoring our network and websites.
What can I do?
If you have an account with a website that is affected, you should change your password only once you know the site has been patched and you know that the site has reissued their security certificates. Here is a list of some popular sites and their status:
- Google (and Gmail): Safe
- Facebook: Change your password
- Apple: Safe
- Microsoft (and Hotmail, Outlook.com): Safe
- Yahoo (and Yahoo Mail): Change your password
- LinkedIn: Safe
- Pinterest: Change your password
- Twitter: Change your password
- eBay: Safe
- PayPal: Safe
- DropBox: Change your password