On April 7 2014, the OpenSSL project issued a security advisory about a serious vulnerability in the encryption software in use by a large percentage, up to 66%, of the internet. This CVE-2014-0160 vulnerability, nicknamed “Heartbleed” would potentially allow attackers to retrieve information from encrypted SSL transactions. The best explanation of Heartbleed that we found is located here.
Shipsurance.com, dsiins.com, and InsurePost.com DO NOT USE any implementation of OpenSSL and therefore are not vulnerable to this bug.
To verify what sites are vulnerable and not, please visit the “LastPass Hearbleed Checker“.
Should You Change Your Shipsurance Password?
Popular sites such as Google, Facebook, and Yahoo suffered from this serious vulnerability. Most have since been patched but if you use the same password on multiple websites, it is always a good idea to change it. If you are going to change your password on a site the was vulnerable, make sure they fix problem BEFORE you change your password.