What I am doing:
- Got educated at http://heartbleed.com
- Updated Chrome to the 34.x version manually (promoted to stable yesterday)
- look at https://support.google.com/chrome/answer/95414 and search for "Check for update manually"
- Checked for vulnerability in sites I use
- dnsimple.com (patched as of 8 Apr 14:22 GMT)
- github.com (patched and sessions invalidated somewhere between 8 Apr 18:34 GMT and 9 Apr 01:08 GMT, based on atom feed post timestamps)
- familysearch.org (not vulnerable as of 8 Apr around 16:00 GMT)
- amazon.com (not vulnerable as of 8 Apr around 16:00 GMT)
- Completely clearing cookies and cache on ALL my computers, family & work, including phones
- Installing LastPass and resetting ALL my passwords as I become confident that each site is patched
- I am assuming that all my user/passwords are either already known at this point, or can be discovered by anyone who recorded SSL traffic in the past 2 years
- Wondering what will happen because of this
UPDATE: Chrome update seems to be not strictly necessary as stated here. But I'm upgrading anyway, because the Chrome stable release on 8 Apr. 2014 has a lot of other security fixes in it.
UPDATE: More details that I've learned are here in a follow-up post.
No comments:
Post a Comment