Apr 14, 2014
Following a series of recent revelations regarding a flaw in the implementation of OpenSSL, ENISA would like to warn you of the potential threat of your password being compromised or a session cookie getting stolen while you connect to a system/website that utilises vulnerable OpenSSL installations.
Follow the simple steps below:
1) Don't panic!
2) Verify whether your favourite services (e-banking, e-government services, etc.) are vulnerable or not - please contact your service providers!
2a) If they are affected and the service has not been patched yet: do not use it until it is patched.
2b) If they are affected and have been patched: change your password!
3) A good advice is to change your passwords frequently!
4) Don't panic!
Unfortunately, until today there is no definitive information available as to whether a website has solved the vulnerability or not.
As a general recommendation, never use the same password on your online services or websites.
The attacks and leaks might continue due to the fact that people might misuse the vulnerability for their own purpose.
As soon as ENISA has more information, our recommendations will be updated.
More information: ENISA flash note "Heartbleed - A wake-up call"
ENISA references in this flash note the website http://heartbleed.com/. At the end of this website you will find a list of links to EU Member States CERTs with additional information (Please be reminded of ENISA's diclaimer for third party sources.)
Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!