Reddog1 wrote:
If someone has my password to a Forum I visit, so what? If I have no personal info other than an email address on that site, what security should concerned about?
If it is the email address, then perhaps I should have an email address unique to those sites I do business with.
What am I missing?
Wayne
For end users Heartbleed's biggest impact would be on sites where you have financial or other personally identifiable information (like SSN, etc.) Because an affected server can be made to give up information it's possible someone could "harvest" a lot of account information. The sites you should be concerned with are those that have your credit card information stored or access to your financial accounts (banks, brokerages, etc.)
Also, you should change your password for any email sites that could be used for account verification of other sites. For example, many sites require that you click a specific link in an email they send you to reset your password so those email accounts should be updated.
For forums it doesn't matter unless that forum also has shopping that might have your credit card information stored.
I know most banks said "We're not impacted", but there's no harm in changing your password anyway.
