Yes.
Heartbleed is a complicated situation. Basically, there is nothing you can do
about it, as the exploit is on the website -- not your computer. The exploit is
that in many situations, if it is present, heartbleed can steal the password to
the website you are logging in to. Here's what you need to know to make
decisions about what you should do.
1.)
Most Internet security applications cuurently will NOT detect heartbleed,
because it does not reside on your computer. This may change -- but heartbleed
is a "passive" exploit, and therefore difficult for your security app to
detect.
2.) If
you do not do any financial transactions over the Internet, and/or have no
memberships with significant amounts of personal information about you on them,
you really don't have much to worry about.
2.) If
heartbleed DOES give you a reason for concern -- you first need to find out if
the website that concerns you is vulnerable to the exploit. Here are two
websites that claim to be able to check other websites to see if they are
vulnerable to heartbleed...
If the website is vulnerable, that does
NOT mean that they are infected with heartbleed -- only that they CAN be
infected with it. They will probably have instructions on what they prefer for
you to do. Most vulnerable sites are recommending that you NOT change your
password until they have patched the vulnerability.
3.) Because this vulnerability has
existed for a while, the general advice on the Internet (and I strongly agree
with it) is:
a.) Change all of your passwords for all sites .
b.) DO NOT use the same password twice.
Yes,
this will be a major aggravation, but IMO, it is necessary for everyone for now
and into the future. This is not just because of the heartbleed virus, but
because of major exploits that techies like me are seeing "coming down the
road". I am now working on a broad-range "Security Makeover" plan to offer my
customers that will include how to manage multiple, non-duplicating passwords
easily and safely. I hope to be emailing you with details by
mid-May.
Hopefully this will answer
your most of your questions. If not, just let me know...