The problem is its hard to detect if there is a problem with it on the stardocks servers exactly because of the nature of the attack being near undetectable, but it's better to be safe than sorry in my opinion. It's more of a general PSA to people who share my concerns for security.

But you are right, Find out if/when a server is/will be patched when wanting to update your security.

Thing is even if you're not using HTTPS with open SSL on Stardock any account that uses similar log in information anywhere is at risk because a lot of people do use the same password in many places, against standard password advice. These are the people who should change their passwords. Not just on this site, but every site. 

Someone logs into a compromised service, then the attacker get their email, they log into that and then can Hijack any service that person signed up for that sends email re-verification for password/account information. It doesn't have to directly affect Stardock, I'm saying anyone who thinks they might be at risk, and there are a lot of them, should be going through the process of updating their personal E-Identity security everywhere.

Start with securing your email accounts, then from there secure everything else starting with any service that uses your payment information.

That wouldn't have helped if you used a compromised service before the announcement of the SSL defect, Norton would have just said, "Open SSL? You're good buddy, go on in and enjoy this site, it's 'Safe'!"

Because SSL is the Encryption that makes the website "Safe" the problem is the security had a flaw, so Norton is about as useful as a brick in knowing if your information was leaked from any site that you visited and logged into in the past few weeks. They may be safe now but you wouldn't know where or when your information was taken. What part of this is a MASSIVE GLOBAL problem that affects 2/3 of then entire internet.  its not just GavCiv or Stardock, its potentially ANY WEBSITE YOU'VE BEEN LOGGED INTO FOR THE PAST MONTH OR SO!

Do you not grasp how easy it would be fore anyone who has a single piece of information such as an email log in to take all your stuff, all your accounts, your steam, your WoW accout, possibly even direct access to your bank accounts. like if your email provider was a victim of the bug, it would be a cake walk when they get done with the person before you on their list of stolen accounts to hop on yours and start resetting all your passwords for you Hope you liked spending $1000 on all your steam games just so someone else could transfer them to their computer.

It's not hard to just go change every password you have EVERYWHERE and then you know you will be safe, cause Norton wont let you know that all your account have been hijacked when you don't.

You should know if you reuse the same password across multiple sites, if so then yes you should change them all, personally I've only used my current password on this site.

However changing them all before half the site you visit have patched is a bad idea especially if your going to reuse the same password again, I thought that when that news article came out I still think it.

Don't get me wrong this is a really bad security flaw, but resetting all your passwords at this point may actually not reduce your exposure may even increase it by making you visit all the sites you normally use a password on thus creating just the sought of encrypted traffic that this bug allows people to intercept.

P.S. Does anyone else think this is obviously one of the backdoors the NSA built into internet security protocols then got nervous about when Snowden started to expose them and decided to have some security researchers "discover it"...

As far as the involvement of the nsa is concerned their is no way it's in the interest of the us government to admit to it if ot was. But this does look like exectly the type of backdoor weakening of vital internet security snowden talked about.

The truth is we will never know for sure. The nsa have already officially denied it for what that is really worth.

Another duplicate post. Please ignore.

And I thought I was cynical.

Anyway, cynic or not, no pressure produces no results. If one feels strong enough about it apply the pressure regardless of what results you think it may get. At least you will be able to say "at least I tried."