As you all, know on April 7 the OpenSSL project issued an advisory (of which NSA has apparently been aware of for 2 years). We deployed the updated OpenSSL libraries on Tuesday at 7am EST and renewed all of our SSL certificates.
We take security very seriously (take a look at the newly launched Security page where you can see if anyone has accessed your SaneBox account), but you should too:
a) Enable 2-factor authentication for every site that offers it (http://twofactorauth.org/)
b) Use unique and random passwords for all your services via 1Password or LastPass
c) Have a long and difficult to guess but easy to remember password for 1Password or LastPass. Think of a phrase or refrain from a song. “Billy Jean is not my lover, she’s just a girl who claims that i am the one” becomes bjinmlsjagwctiat1 - a 17 character password that’s impossible to break but you already remember it. But it’s critical that you never use the same password for multiple services – so if one of them is compromised, others are safe!