Low End Mac’s Dan Knight notes that any time you visit a website with an https: prefix or see that secure lock icon on your browser, some type of security software is busy trying to protect your data, and in most cases, it’s OpenSSL. The bug was introduced to OpenSSL on New Year’s Eve 2011, but it went undetected until now. Dan says experts estimate that two-thirds of all secure sites have had the Heartbleed door open until this week. OpenSSL 1.0.1g and 1.0.2-beta2 are safe, and by now most websites have updated to these safe versions.
He also notes that you may have heard or read that Mac OS X and iOS are safe from Heartbleed, but what most of those articles don’t clarify is that they are only safe when used as servers, and then only if you haven’t upgraded to a bug-ridden version of OpenSSL. (The version of OpenSSL Apple includes with OS X predates the Heartbleed bug.) Consequently, everyone who uses a browser or other app to access a website using buggy versions of OpenSSL is at risk; whether they’re running Mac OS X 10.9, Mac OS 9, Windows XP, iOS 7, Android, Linux, Windows 8.1, or anything else doesn’t matter. The bug is on the server, not on your computer, and until a site using OpenSSL has been updated to a safe version, you are putting yourself at risk every time you log into that server. Consequently, this is not the time to change your password, as the bug still makes it possible for hackers to harvest your ID and password. Instead, you should avoid visiting sites that haven’t updated and only change your password on sites that are bug-free.