A weakness in the protocol that makes your secure sites, secure is no longer secure. At least for now. A patch has been made and being deployed but not everyone is patched yet. So what to do. I would recommend testing any SSL Site that you use with http://filippo.io/Heartbleed It’s not safe enough to just put the main site address but put the actually SSL host for example, my bank is plainscaptialbank.com but when i click to login to my online banking it takes me to ibank.plainscaptial.com. I put that address in the test field and found that it is not patched from CVE-2014-0160. So while these sites are not patched, i’ll just avoid using them until they are corrected.
The risk here is that someone could be posing as the real site and scooping up any information you give them. your browser won’t know any different and see that the certificate is valid and not warn you of any risk.
If you want more information on heartbleed visit: http://heartbleed.com
Thanks to Riley for posing the question to me this morning.
UPDATE 9 AM
sites which also appear to need to be patched,
Amigo Energy (my.amigoenergy.com)
Song Select (us.songselect.com)
UPDATE 10 AM
http://ibank.plainscapital.com is now secure.
