Dae314 Posted April 11, 2014

In case you all haven't heard the news yet, a rather widespread (and thus annoying) OpenSSL bug was discovered a few days back. Over the past about 48 hours, companies who discovered they were vulnerable scrambled to patch their servers. There is already a lot of information about the exploit; some of the best for quickly getting a grasp on the situation I linked below:

http://arstechnica.com/security/2014/04/critical-crypto-bug-exposes-yahoo-mail-passwords-russian-roulette-style/
http://techcrunch.com/2014/04/08/what-is-heartbleed-the-video/
http://heartbleed.com/

So if you bothered reading through all that (or watching the video in the second link) you're probably wondering what you should do now? Well, that answer varies.

For companies that discovered they were vulnerable and subsequently fixed that vulnerability, you should go reset your password. Pay extra attention to sites where you have financial or personal information (e.g. Facebook, game websites where you've done transactions, etc.). A sweeping list of the status of some high-profile sites can be found in the link below:

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

If the company has come out and said they are not affected, then no worries. The bug is affecting only a specific version of OpenSSL, so if companies are using a different version or not using OpenSSL at all, you don't have to do anything.

If the company in question has not yet released a statement, you should probably wait until they do before taking action. Changing your password while the servers are still vulnerable means you'll just have to change it again once the patch is applied.

OpenSSL is used in a lot of areas. Some routers are affected too, according to the article below:

http://www.engadget.com/2014/04/10/the-heartbleed-bug-is-affecting-routers-too/?ncid=rss_truncated

Guest Posted April 11, 2014

I don't use: Gmail, Facebook, Instagram, Tumblr. Nothing to worry about. Thankfully Firefox does not use OpenSSL.

lemmingllama Posted April 11, 2014

Already done as companies fixed themselves. However, it isn't wholly necessary. If I recall, there were no incidents where hackers were found to be taking user information, and the fixed OpenSSL was put out in record time to fix the issue. It is still good policy to change your passwords, but it is likely that there isn't a huge need to do so.

bartbob12 Posted April 11, 2014

Most larger websites / corporations will have patched this before or as it became public. It's more smaller websites, i.e. local shops etc., who will take longer to rectify the problem.

Dae314 Posted April 12, 2014

Llama: still advisable that you change your pw. It could be that your pw is on some hacker's list that he/she's selling on the black market and will get exploited in several months. Not a likely scenario but a possible one.

bart: Just because the service is patched doesn't mean you don't have to change your password. In fact, as I said above, you don't want to change your password UNTIL the service is patched. It was in fact not patched before it went public. It was public for a while before it was discovered. You were affected if the company you're using said they had to patch their servers.

lemmingllama Posted April 12, 2014

Llama: still advisable that you change your pw. It could be that your pw is on some hacker's list that he/she's selling on the black market and will get exploited in several months. Not a likely scenario but a possible one.

bart: Just because the service is patched doesn't mean you don't have to change your password. In fact, as I said above, you don't want to change your password UNTIL the service is patched. It was in fact not patched before it went public. It was public for a while before it was discovered. You were affected if the company you're using said they had to patch their servers.

Dark Lucario Posted April 14, 2014 (edited April 14, 2014 by Lucario85)

I'm not using any of the sites affected and I don't have important things online anyways; I'm using different passwords everywhere.

ljonesj Posted April 15, 2014

And it would not help if some of those sites still use the bad OpenSSL and you change your password, as it would still be compromised. So wait till they say they fixed it and then change the password.

Tanis Posted April 16, 2014

WE-ARE-SO-BONED!!!

Guest Posted April 16, 2014

Best, most secure passwords: https://www.grc.com/passwords.htm