The Heartbleed bug has been addressed, but it’s a good idea to change your password on any NZB sites you might belong to. Even if the sites have patched the bug—which they should have by now—your credentials could have been compromised. As is always the case where security is concerned, it’s a good thing to take proactive measures, even if you currently don’t believe that you were affected by the vulnerability. Some NZB sites are strongly recommending that their users go ahead and change their passwords.
The good sites out there have responded to Heartbleed already. OZNZB, for example, reset the API/RSS keys for all of its users. This requires that users make their own updates for their automated downloads, but also ensures that credentials that may have been compromised are now secured.
That same site is also recommending that you change your password on OZNZB if you’re a member. If you’re on a different NZB site, the recommendation is the same; go change your password as soon as you can.
Other providers, such as Newshosting, which was also not compromised, recommend that their users change their password. Understanding the bug a bit can help to make it clear why you do need to change your passwords on your NZB sites.
Heartbleed was not a virus. Heartbleed was a vulnerability that resulted from a mistake in the code that makes up OpenSSL. OpenSSL is enormously popular and a full 60% of the sites on the Internet were affected by this bug.
Before you panic, remember that these sites were vulnerable, but that doesn’t necessarily mean that the sites were targeted by anyone taking advantage of the Heartbleed vulnerability. Think of the OpenSSL security issues as an unlocked door on your house. Simply because it was open doesn’t mean that anyone came in, but you’d generally lock it as soon as you found out it was open. Your password is much the same as your deadbolt in this analogy. It might never have been compromised, but you need to lock it down.
In addition to your passwords on NZB sites, be sure to change your passwords on other sites, as well. It’s a good idea to change your passwords now and then and, with Heartbleed having been patched, you’ve got a good excuse to make the rounds and change your login credentials.
Remember that this security flaw affected email, eCommerce, social networking and many other types of sites, so be safe and change your passwords on all of them.