Heartbleed Bug

Z A C K

You guys hear about this? It's a flaw in OpenSSL which is putting a lot of our passwords at risk. The admins running the sites using OpenSSL need to upgrade; some have, but I'm sure some haven't so far. Anyway, I changed my Gmail, Facebook, and Amazon passwords. Hopefully that'll keep me safe.

Here's the site for more details:
http://heartbleed.com/
 

Do Facebook, Gmail and Amazon use OpenSSL? I would not have thought so.
 
Google researchers are the ones who found the bug and said you should change all your passwords, including Google ones, so just better safe than sorry, I guess.
 
"Google Chrome and Chrome OS are not affected. We are still working to patch some other Google services. We regularly and proactively look for vulnerabilities like this - and encourage others to report them - so that we can fix software flaws before they are exploited."

Amazon has been through its Amazon Web Services (AWS) and it too said that all is well, everything has been fixed and no one needs to panic.

Facebook suggested that this was old news to it, old news that it patched some undisclosed time ago. "We added protections for Facebook's implementation of OpenSSL before this issue was publicly disclosed, and we're continuing to monitor the situation closely," said a spokesman.

Microsoft told The INQUIRER that it has taken a look at its services and has nothing much to report. "Microsoft Account and Microsoft Azure, along with most Microsoft Services, were not impacted by the OpenSSL vulnerability. Windows' implementation of SSL/TLS was also not impacted," said a spokesman. "A few Services continue to be reviewed and updated with further protections."

Not all websites are vulnerable, and some like Twitter and LinkedIn have done their due diligence and reported that their users are fine to carry on. Also fine are PayPal and eBay, while Dropbox has also revealed that it has patched its software.

Twitter said on its status pages that it is as clean as a whistle. "We were able to determine that twitter.com and api.twitter.com servers were not affected by this vulnerability," it said.


Edit: Also Yahoo has been patched. If you use Yahoo and have an account I suggest changing that password now.
 

Hhhmmm. I have some experience installing and configuring SSL. The exploit seems to be with the keys contained in OpenSSL. The SSL protocol does not store your user name, passwords, email addresses or anything like that. It's just a trust connection. Unless the software sitting under it is extremely vulnerable (in the case of the companies you mentioned, that's very unlikely), most people that use the big services are probably ok. The real issue seems to be on TLS. I think they are suggesting that the packets sent here are exposed by this bug. Of course, prudence is always best in these cases if you're even remotely concerned.
 
Yeah, possibly it's not as big a deal as some media is making it out to be, but I change my passwords pretty regularly anyway, so I have no problem doing it now.
 
Mashable has a pretty good list of vulnerable sites. Seems financial institutions didn't have the problem. But all your social networks are fuxxored. The juggernaut called Amazon is unaffected.

The main issue here is that changing your password won't do a thing if the server itself hasn't been patched. Google says you don't need to change your password, but I would definitely err on the side of caution, here.
 
According to that list, looks like I'm set then. Changed Facebook and only other Social Media I use is LinkedIn and that's not affected.

But ohmygawsh Minecraft is on that list as affected. Serious business.
 
Meh. So much overhype on this. I'll get around to changing some passwords some day.

YOLO!!