Heartbleed bug - what can WE do?


GeoffW1
29-04-2014, 09:37 AM
Hi,

Here's an interesting newsletter from Malwarebytes on the Heartbleed bug, especially the bit about an extension available for Chrome users. Also of interest is a list of affected servers, which includes several that IIS members would use, e.g. Dropbox.

http://blog.malwarebytes.org/online-security/2014/04/be-still-my-bleeding-heart-qa-on-the-heartbleed-bug/

Cheers

multiweb
29-04-2014, 10:02 AM
SSL certificates that may have been compromised by the Heartbleed vulnerability on OpenSSL should have all been replaced from April 12th onwards. OpenSSL is mostly used by UNIX/Linux service providers. I believe the problem was limited to specific OS as well. Some Ubuntu versions were, FreeBSD wasn't, etc...

GeoffW1
29-04-2014, 10:12 AM
Hope so.

And now this. I don't mean to be a scaremonger, it is about information.

http://www.smh.com.au/it-pro/security-it/australia-us-uk-advise-avoiding-microsoft-internet-explorer-until-bug-fixed-20140428-zr11i.html

Cheers

multiweb
29-04-2014, 10:24 AM
XP end of life was this April so obviously you use it at your own risk.

Steffen
29-04-2014, 11:01 AM
Since the TLS heartbeat extension is essentially symmetric, the Heartbleed vulnerability affects not just servers, but clients (web browsers etc.), too. See http://blog.meldium.com/home/2014/4/10/testing-for-reverse-heartbleed for more information. It appears to be possible to obtain blocks of memory contents from client PCs.

Cheers
Steffen.
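
The symmetry mentioned in the post above, as an added example that is not part of the thread and is not OpenSSL's code: either peer may receive a heartbeat request, so a client needs the same length check as a server before echoing anything. The message layout follows RFC 6520; the names `hb_validate` and `hb_respond` and the sample records are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* RFC 6520 HeartbeatMessage: type(1) | payload_length(2) | payload | padding(>=16) */
enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HEADER = 3, HB_MIN_PAD = 16 };

/* Hypothetical helper: returns the payload length if the record is well-formed, or -1
 * if it must be silently discarded. rec_len is the byte count actually received. */
int hb_validate(const uint8_t *rec, size_t rec_len)
{
    if (rec == NULL || rec_len < (size_t)(HB_HEADER + HB_MIN_PAD))
        return -1;
    if (rec[0] != HB_REQUEST && rec[0] != HB_RESPONSE)
        return -1;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The bounds check: the claimed payload must fit inside the received record. */
    if ((size_t)HB_HEADER + claimed + HB_MIN_PAD > rec_len)
        return -1;
    return (int)claimed;
}

/* Echo a request. The same routine runs on a client or a server, because
 * either peer may send a request. Returns bytes written, 0 if discarded. */
size_t hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    int n = hb_validate(rec, rec_len);
    if (n < 0 || rec[0] != HB_REQUEST)
        return 0;
    size_t total = (size_t)HB_HEADER + (size_t)n + HB_MIN_PAD;
    if (total > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, (size_t)n);
    memset(out + HB_HEADER + n, 0, HB_MIN_PAD); /* zero padding to keep the sketch short */
    return total;
}

/* Constructed samples, 23 bytes each: a 4-byte payload plus 16 bytes of padding. */
static const uint8_t HONEST[23]    = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
static const uint8_t OVERCLAIM[23] = { HB_REQUEST, 0x40, 0x00, 'p', 'i', 'n', 'g' };

int main(void)
{
    uint8_t out[64];
    /* Exit status 0 when the honest request is echoed and the over-claiming one is dropped. */
    return !(hb_respond(HONEST, sizeof HONEST, out, sizeof out) == 23 &&
             hb_respond(OVERCLAIM, sizeof OVERCLAIM, out, sizeof out) == 0);
}
```

The second sample claims a 16384-byte payload inside a 23-byte record, so it is dropped rather than echoed.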