SoylentNews is people
SoylentNews
After reporting the problems with OpenSSL, which has been nicknamed 'HeartBleed', 2 contributors have forward articles on why you should change your passwords.
Heartbleed, and why you should change your password
I always believed Mojang would keep my details safe, now I realise they are not in control of their own data. Mojang/Minecraft passwords should be changed immediately
Heartbleed Bug: Change All Your Passwords
The fallout from the Heartbleed bug is hitting the mainstream. The BBC has an article headlined "Public urged to reset all passwords".
Bruce Schneier calls it "catastrophic", giving this advice to sysadmins: "After you patch your systems, you have to get a new public/private key pair, update your SSL certificate, and then change every password that could potentially be affected." He also links to a webpage that will let you test servers for the bug, and an article on Ars Technica discussing the bug.
(Score: 0) by Anonymous Coward on Friday April 11 2014, @08:11AM
As it is, given that 90% out there are unlikely to be ever changing their passwords even after the sites have updated everything, in some countries if "stuff happens" the Court might still side with you - after all did the judge change his own bank passwords? I bet he didn't.
So in such countries you can still login - the banks are the ones who should be worried and should be doing what Mojang/the Minecraft site did- shut everything down till they have updated everything, including installing new HTTPS certs and having the old ones revoked.
If the banks etc don't think the problem is serious enough to do that, I don't see why their users should be changing their passwords. The sites should be partly liable for the problem not the users. After all using openssl is a choice they made. They could be using IIS instead, or Java's SSL/TLS.