Heartbleed

Apple's Not Affected. But What About --- ?

        The breaking news on Monday, April 7 was a huge wakeup call.  Jim Hamm's gives some help here about places affected by Heartbleed vulnerability. 
         Apple was not affected, and you do not need to change your password. 
         Last Pass lets you enter the name of the site you want to check. 
         Mashable  published this  list and gives comments on each of these entities:  

Social networks: Facebook, Instagram LinkedIn, Pinterest, Tumblr, Twitter.  
Other companies:  Apple, Amazon, Google,  Microsoft, Yahoo.
Email: AOL. Gmail, Hotmail/Outlook, Yahoo Mail.
Stores and Commerce:  Amazon, Amazon Web Services, eBay. Etsy, GoDaddy, Groupon, Nordstrom,  PayPal, Target, Walmart.
Videos, Photos, Games & Entertainment: Flickr, Hulu, Minecraft, Netflix, SoundCloud, YouTube.
Financial: American Express,  Bank of America, Barclays, Capital One, Chase, Citigroup, E*Trade, Fidelity, PNC, Schwab, Scottrade, TD Ameritrade, TD Bank, T Rowe Price, U.S. Bank, Vanguard, Wells Fargo.
Government and Taxes: 1040.com, FileYourTaxes.com,  H & R Block, Healthcare.gov, Intuit (TurboTax),  IRS, TaxACT, USAA
Other:  Box, Dropbox, Evernote, GitHub, IFTTT, OKCupid, Spark Networks (JDate, Christian Mingle), SpiderOak, Wikipedia (if you have an account), Wordpress, Wunderlist.

Password Managers: 1Password, Dashlane, LastPass

Apple's Fix for "Heartbleed"

         "I was curious about 'Heartbleed' hearing a lot about it," David Passell acknowledged.  He found some important info. "It apparently can infect Mavericks users and IOS 6.users. Since I am still in the "stone age" with Snow Leopard I am apparently not subject to it."  Read zdnet
        Sure enough, the article emphasizes that the fix is in Apple's 10.9.2 update for Mavericks. Vulnerability is not present in versions of OS X prior to OS X 10.9 Mavericks or iOS prior to iOS6.  

Vulnerable! Keep Informed

        Keep informed!  Jim Hamm passes this along, "This alert of a vulnerability in OpenSSl was published earlier. If you missed reading about it, here is another alert. Undoubtedly there will be more of these types of alerts as the hackers get more creative."
        And if you use a smartphone you'll want to scroll down to Arstechnica's March 29 entry, warning about selling or buying a used phone to turn off Find My Phone, and also telling about avoiding trouble with "good IMEI/ESN" or "bad IMEI/ESN."  Others comment about these problems in later postings. 
        See Macintouch.  See Arstechnica.