By now you’ve heard about Heartbleed. If not, go check these links out:
- LastPass’s blog post about Heartbleed
- LastPass’s Heartbleed checker
- Steve Gibson’s Security Now! podcast about Heartbleed (audio, notes, and transcript)
- xkcd 1353 and 1354
Once you have changed your pants, you should enable a check for server certificate revocation in Google Chrome and any other browsers you use, since a bazillion certificates need to be revoked right now. Here’s a quick how-to for Chrome.
Open Chrome’s “hamburger menu” and choose “Settings”.
Scroll to the bottom and click “Show advanced settings…”.
Scroll again and check the box beside “Check for server certificate revocation”.
This will make sure that Chrome checks whether a server’s certificate has been revoked, rather than assuming no news is good news.