You might have heard about Heartbleed, which is the name given to yet another recent security problem. Briefly, the problem was a bug in software that has been used for website security by many people.

And yes, Yahoo.com and many other common sites have had the problem, so if you have used those usernames and passwords anywhere else, pay attention.

Read it about it here:

http://news.msn.com/science-technology/how-to-tell-if-heartbleed-could-have-stolen-your-password-and-when-it%e2%80%99s-safe-to-change-it

Then come back and check the list below and read about it in today’s Portland Biz Journal:

http://www.bizjournals.com/portland/blog/2014/04/after-massive-heartbleed-security-breach-portland.html?ana=e_du_pub&s=article_du&ed=2014-04-09&u=zgSD4d+pX4SRgPIGOndEtwXfJFA&t=1397146424&page=all

I grabbed the list of over 600 vulnerable sites from the link in the first article  alphabetized it, then deleted most of the sites leaving a few examples of sites that you (I) would think they really should have known better. But it just goes to show you that really smart people from big and small companies use the “off the shelf” software that other people trust. Have a look and be shocked.

androidcentral.com.

androidpit.com.

androidpit.de.

arstechnica.com.

bittorrent.com.

breitbart.com.

cabelas.com.

cplusplus.com.

duckduckgo.com.

economist.com.

flickr.com.

fool.com.

graphicstock.com.

heritage.org.

kaspersky.com.

mail.com.

nascar.com.

resellerratings.com.

reverbnation.com.

rollingstone.com.

searchfunmoods.com.

shopzilla.com.

thestreet.com.

thewire.com.

toshiba.com.

weather.gov.

wisegeek.com.

wisegeek.org.

yahoo.com.

zagat.com.

zap2it.com.

So yeah, it looks like I’ll have to change my nascar.com password too.

If you’re not using KeePass or LastPass or another encrypted password program to make new passwords and keep track of them, it’s time to start. Many of my passwords are pure gobbledygook that KeePass created for me.

And, in the words of Han Solo, “It’s not my fault.”