By Richard Corzo
In April we discussed the Heartbleed vulnerability discovered in the OpenSSL code that many websites and some devices use to provide secure web connections. The vulnerability can allow access to sensitive data stored in the memory of the compromised server or device.
It turns out that some versions of Android are susceptible to the vulnerability. To find out whether your Android device is affected, you can download an app such as the Heartbleed Security Scanner by Lookout Mobile Security from the Google Play store.
It’s also possible your website/Internet accounts are affected. In that case the server and the security certificate that provide secure connections must be updated. Only then should you bother to update your password. If you try to do that before the company has fixed the vulnerability, you are potentially exposing your new password and the data and account it protects. You should wait until the company notifies you by e-mail, but many companies haven’t taken this step to keep their customers informed.
You may need to get this information on your own. It turns out that the password manager I use, LastPass, includes a security check tool that reports which of your accounts are or were vulnerable and whether they have been fixed. It covers only the accounts it knows you use, because you have previously visited the website and provided credentials.
You might have to do research on your own, checking lists like “The Heartbleed Hit List: The Passwords You Need to Change Right Now” on mashable.com or “Heartbleed bug: Check which sites have been patched” on CNET. Otherwise you may need to contact the company directly to see what they say.