Heartbleed Security Hole

[Crippler7815]

I'm sure some of you have heard about this, some probably haven't either, so I'm just spreading the word.

Long story short, huge security hole, in pretty much most secure servers (unless they've been patched) that allow for additional information to be returned in addition to the required info that's bounced off of the server. Lots and lots of passwords, sign ins, security certificates are potentially floating around.... sooooo change your passwords.

http://heartbleed.com/

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

 

[Emperor]

Definitely not enough being said about this!

It has been called; "The Greatest Security Hole" in the history of the internet by top tech guys in the industry. I would say this is pretty f'n serious!

 

[AustinBR]

Very true. It's causing a mess in pretty much every industry.

 

[madwabbit]

yup. its not new, just newly public.

 

[cajun_64]

If they got your passwords through this black hole, you change your passwords through the same black hole.... what are the odds they will not get the new passwords?

Isn't the our connected world a wonderful thing?

 

[Emperor]

If they got your passwords through this black hole, you change your passwords through the same black hole.... what are the odds they will not get the new passwords?

Isn't the our connected world a wonderful thing?

If the site you use a password for has already patched the hole, you are good to go!

For now! Bwaaaahaaahaaahaa!

 

[Crippler7815]

Oh, now this is interesting.

http://gizmodo.com/nsa-used-heartbleed-to-spy-on-people-for-years-1562307207

 

[AustinBR]

I have just accepted the fact that ANYTHING online is not secure. Don't want it shared? Don't post it online. Using different passwords is good, but in the end, if someone wants in to your stuff, they will get in.

 

[Crippler7815]

Yeah. I realized today how many sites I have passwords for.

 

[RedNeckRuger]

Test your server for heartbleed.
http://filippo.io/Heartbleed/

 

[nola_]

Thanks for the post.

Might be the reason someone from Cambodia tried to charge to my card recently. The "test" charge went through, but the fraud protection stopped the others.

 

[whitsend]

I've been getting emails on this for the last two days.
My bank checked and is good.

At work one vendor is all windows, one tested and is good, waiting to hear back from the other three.

It seems that some companies are on top of this and letting their customers know.

 

[Emperor]

I've been getting emails on this for the last two days.
My bank checked and is good.

At work one vendor is all windows, one tested and is good, waiting to hear back from the other three.

It seems that some companies are on top of this and letting their customers know.

And some have their heads under their desks, hoping this blows over for them with no snags! Dumbasses!

 

[Emperor]

I have just accepted the fact that ANYTHING online is not secure. Don't want it shared? Don't post it online. Using different passwords is good, but in the end, if someone wants in to your stuff, they will get in.

You don't realize how true this is! The person that fixes it and guarantees it; would/will be the richest man in the world!

 

[Crippler7815]

Here's a handy little tool for Chrome users.

http://lifehacker.com/chromebleed-notifies-you-if-a-visited-site-was-hit-by-h-1562512336

Installs on chrome and shoots you a warning if a page you're visiting is affected by Heartbleed