It's now day five since we heard the public revelation that an OpenSSL bug was loose on the Internet and possibly on the open source servers and perimeter appliances of most, if not all, of the major hosting centers worldwide.
We need to let calmness, deliberate evaluation and then action prevail. That means assessing your own vulnerability and potential exposure. I would look to the access information that you use to secure your financial accounts and to areas of the Internet where the compromise of your identity information would harm you financially.
That said, you need to be armed with a list of patched and unpatched resources. Change your access information NOW for those that have been patched recently, and await the announcement of patches for the others before changing anything else. Without the patch, your changed password would still be vulnerable to being “mined”, according to what we know about the behavior of the exploit.
Again – calm!
Thanks to Reuters