I heard about this a few days ago in this article from Ars Technica. I checked with a top-notch security guy I know (thanks Rob) and he confirmed this was a bad one. He also mentioned that it was bad enough to keep him busy for a while, but he was happy about that, as it would not only let him make the important fixes but also help customers in other security areas, which he knows they need. So, a pretty good outlook. But today I heard some bad information on this issue several times. So I am going to share some important info, and then some links, and that will be it.
Do not change your passwords UNTIL the vendors tell you they have updated / fixed their site. If you have already changed them, you will need to change them again.
So in my world that means I have done Dropcam, Dropbox, Fitbit, and Piper, but no one else, since no one else has told me they have fixed it.
Want to learn more?
Bruce Schneier – https://www.schneier.com/blog/archives/2014/04/heartbleed.html
Well done article – http://www.theverge.com/2014/4/8/5594266/how-heartbleed-broke-the-internet
VMware public sites – http://kb.vmware.com/kb/2076353
VMware products – http://kb.vmware.com/kb/2076225
National Vulnerability Database – https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160
You can check a site for this issue using this site – http://filippo.io/Heartbleed/
Update 4/11/14 1049 – added Fitbit to the list of those who have informed me, and I changed!
Michael
=== END ===