UPDATE via Steveeboy: Paypal not affected. Check this list of sites or try this. If you use Chrome, you can add this extension to warn you of any unsafe website.
I am so tired of changing my passwords. One of my friends told me I should use a password service that generates a random stream of characters — but who’s to say that can’t be hacked? I’m at the point where I think I just want to pay cash and buy things in person:
The cryptography expert Bruce Schneier, who has been writing about computer security for more than fifteen years, is not given to panic or hyperbole. So when he writes, of the “catastrophic bug” known as Heartbleed, “On the scale of 1 to 10, this is an 11,” it’s safe to conclude that the Internet has a serious problem. The bug, which was announced on Tuesday—complete with an explanatory Web site and a bleeding-heart logo—is a vulnerability in a widely used piece of encryption software called OpenSSL.
Heartbleed is as bad as it is possible for a security flaw to be. It can be easily exploited by anyone on the Internet without leaving a trace, and it can be used to obtain login names, passwords, credit-card information, and even the keys that keep our encrypted communications safe from eavesdroppers. The bug first appeared in OpenSSL code that was released in March, 2012—so the vulnerability has been open to exploitation for more than two years. The Internet-security firm Netcraft reported that up to five hundred thousand sites thought to be secure were, in fact, vulnerable—including Twitter, Yahoo, Tumblr, and Dropbox.
*Before* changing passwords, make sure the site checks out as not-vulnerable on http://filippo.io/Heartbleed/ (the third link in your post).
The bug has been around for two years, but is only known to have been exploited since Monday (Apr 7th), when it was published by Google and Codenomicon without giving the programmers time first to fix it. Not sure why they did that. So don’t access your online banking or e-file taxes unless the sites check out as okay.
There *may* be indications that it was exploited as far back as Nov 2013, but nobody really knows as yet.
Other peoples license plates make very good sources of random letter and number combinations. You just combine the parts you like and capitalize as you see fit.