Many of the leading USENET access providers offer SSL security on their connections. Does the Heartbleed vulnerability affect them? For the most part, the answer is no.
Before you start panicking about your USENET security, consider the following.
Not every system was affected by Heartbleed. The vulnerability was specific to an implementation of OpenSSL. If your USENET service provider never used that implementation, you’re not affected.
You can check on various sites as to whether or not your service is vulnerable, but there are conflicting opinions as to the accuracy of these sites. If the site cannot be trusted to provide a reliable negative or positive in regards to your security, it’s likely not worth worrying yourself over the results, of course.
The USENET providers that have implemented patches have been posting information, so you can always check your provider’s site if you’re worried. If you don’t see any information and you’re still concerned, you can email their support—or get in touch with them however your service makes that possible—to get more information.
Opinions differ on this. Some people are advocating that users change their passwords and others point out that, if the SSL vulnerability is still there, changing your password is just using a different password on a non-secured network, so there’s little point.
There are also some odds that need to be taken into consideration here. Very few people out there would know how to exploit the Heartbleed vulnerability. Getting credentials from a connection is a very technically involved process, so there may not be much reason to panic at all over this.
People have tested many of the major providers using various tools already and many of them came back fine, showing that the vulnerability hasn’t affected them or that they’ve fixed it already. For most users on the USENET system, Heartbleed will not be a vulnerability worth spending time worrying about.
Good security practices always apply, however. You should rotate your password out now and then and make sure you’re using something secure that couldn’t be guessed. If you’re worried about password security in general, the best solution is to use any of the random password generating tools on the Internet. As for the SSL on your USENET provider, there’s nothing you can do about it, but it’s likely not worth worrying about, anyway.