Gadgetory

a new online security bug dubbed heartbleed had top websites like Yahoo Facebook and Google scrambling to make their site secure the attacker can listen in on website traffic and stuff that's supposed to be encrypted can actually be decrypted as it's getting bounced back and forth between you communicating with the site and the site receiving your communication that means usernames passwords credit card numbers home addresses phone numbers and all kinds of information could be stolen the problem stems from encryption software called openssl some of the major tech sites like YouTube Instagram and Wikipedia say they have addressed the vulnerability and have been fixed while other companies like PayPal chase and LinkedIn say they were not impacted use a website checker last past calm / heartbleed is an excellent one that's been kept up to date on whether sites are vulnerable or not but if you're tempted to change your password right away you might want to hold off if you choose a new password now and then the site fixes the problem you're just gonna have to choose another new password in a couple of days when when they implement the fix if you have some critical banking do it in person or on the phone I would stay away from your banking site I'd stay away from your bank's mobile app as well but it's really up to the websites to ensure security for its users well make sure your password is good we also have something called we call two-step authentication where you have to have both your password and your phone to login for the latest information on the heartbleed bug visit cnet com in San Francisco I'm Kara Tsuboi cnet.com for CBS News