The BBC and other media networks carried a news story this week about a new vulnerability that has been discovered in a widely used, but probably unknown to most, software library.
OpenSSL is used on around 66% of the internet to protect sensitive information (names, passwords etc.) when it passes from one server to another. A fix is available, which all providers are now applying. As a result of this you might be advised by your cloud service providers to change your password. For example, I just received an email from Bufferapp.com (if you have a number of social media accounts you should check Buffer out). They had to apply the fix and advised me to change my password – which I have done!
You should also think about your website.
Those of you that host your site with DMJ are not affected – the version of OpenSSL we use is not vulnerable to this attack. However, if you host elsewhere it might just be worth pinging an email to your web hosts to ask if you need to reset your account password.
Sensible advice about passwords
Everyone should be aware of just how easy it is for malicious ‘types’ to bombard email accounts, social media accounts and websites with login attempts using popular username and password combinations. As these attempts are typically automated, hackers can submit thousands of login attempts in the space of a few seconds. So, if you have an easy to guess username and password you are easy prey.
So here are our common sense top password tips
You might also want to look into using a service such as LastPass to store your passwords.
Edited : Mashable are maintaining a list of sites where you’ll need to change your passwords here.
What services do you use that have been affected? Did they report anything more serious than a ‘please rest your password’?
Drop a comment below to let us know.