Attacks targeting the Heartbleed vulnerability, which is reportedly pretty easy to exploit and very difficult to detect<\/a>, could have dire consequences for everyday Internet users. A successful exploit of the bug could expose private certificate keys, username and password combinations, and a variety of other sensitive data.<\/p>\n Heartbleed hit the news earlier this week after OpenSSL announced that it had provided a fix for the vulnerability. Since then, the seriousness of Heartbleed has settled in<\/a>, and it\u2019s pretty much the only thing anyone in the security industry has talked, heard, or read about. Considering what we know about Heartbleed<\/a>, you\u2019re probably going to want to do a bit of digital spring cleaning<\/a> \u2013 particularly in regards to your passwords. You should definitely read the Heartbleed walkthrough<\/a> we published on the Kaspersky Daily yesterday morning. It provides a pretty straightforward explanation of what is \u2013 in fact \u2013 an incredibly complicated problem. It also has tips on who is or was vulnerable and how to proceed from there.<\/p>\n The list of websites affected by Heartbleed is long and ever-changing, and you can use this tool<\/a> to check individual sites. Beyond that, it\u2019s now become clear that a number of online gaming platforms \u2013 Nintendo, Call of Duty<\/i>, and League of Legends<\/i> among them \u2013 were at some point afflicted with the Heartbleed and are now urging customers to change passwords immediately. You can find a list here at Digital Trends<\/a>.<\/p>\n If you find all this crypto stuff interesting (or are incredibly confused about what encryption is and how it works), then go ahead and read our explainer on cryptographic hash functions<\/a>. It\u2019s not directly related to the OpenSSL situation, but it can\u2019t hurt to expand that crypto-vocabulary from time to time.<\/p>\n The End of an Era <\/b><\/p>\n If you had asked last week<\/a> what this week was going to be all about, I would have told you it was going to be a Windows XP exclusive affair. Tuesday, April 8, 2014, marked the very last time Microsoft would issue public security fixes for its more-than-12-year-old Windows XP operating system. It\u2019s long been known that the April 2014 edition of Patch Tuesday would be the last in which Microsoft issued fixes for XP.<\/p>\n Problematically, XP is still a dominant operating system. You see it on the computers at doctors\u2019 offices and hospitals and on the payment interfaces of point-of-sale terminals and ATMs; it is the underlying operating system for an unknown number of embedded devices, and it may even be the operating system you personally rely on every day. All told, I have read estimates of the operating system\u2019s overall market-share ranging from 18 percent<\/a> to 28 percent<\/a>. Let there be no illusion, Windows XP isn\u2019t going anywhere. The end of support merely means that any new vulnerability found in the operating system will never get patched.<\/p>\n For a full run-down on what this all means, you can read this brief look at the history and future of Windows XP<\/a>, which was at one time the world\u2019s most ubiquitous operating system.<\/p>\n In other News<\/b><\/p>\n![\"week\"](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2014\/04\/05111205\/week-1.jpg\")
<\/a><\/p>\n