Jump to content

Menu

In case you didn't know - Heartbleed Bug


Recommended Posts

I know this should be posted on "Chat" but I wanted to be certain others saw it.

http://news.msn.com/science-technology/how-to-tell-if-heartbleed-could-have-stolen-your-password-and-when-it%e2%80%99s-safe-to-change-it

"As you’ve probably heard, the Heartbleed bug exposes websites that use a popular encryption technology to malicious attacks, and some of your passwords—and personal data—may well have been compromised. The vulnerable software, OpenSSL, is used to encrypt something like two-thirds of all sites on the web.

 

Who’s affected?

 

Github user Mustafa Al-Bassam performed a mass scan for vulnerable sites at 16:00 UTC (noon eastern time) on April 8th. It features over 10,000 websites, and he found that 627 of them were vulnerable to the bug. Yahoo sites (including email and Tumblr) were vulnerable, as was the popular dating site OkCupid.

 

What you can do now

 

We recommend searching the list linked above for your email provider, bank, and so on. Keep in mind that many of the sites that were vulnerable yesterday have since fixed their security problem. Check your inbox—if a site you use has been made safe again, they’ll have emailed you to let you know.

 

If you find yourself about to log in to a page that isn’t on the GitHub list, you can use this open source Heartbleed test to be sure it’s safe. That test attempts to interact with the site and extract a small amount of memory from it, mimicking the actions of a hacker stealing data, and alerts you if the site is vulnerable. If you use Chrome for your browser, you can get an extension that runs the test on command.

 

If you find that a site is still vulnerable, don’t enter any passwords or data that it doesn’t already have.

 

Why you need to hold off on changing your password

 

It’s tempting to freak out and change all your passwords immediately, but there’s no point in doing so before the sites you use are fixed—or else someone could just steal your new password. If one of the sites you use is vulnerable, make sure all other sites you use have unique passwords. (Many hackers will try to get into your other accounts using the one password they’ve found, because they know how lazy we are about coming up with new passwords.) At this point, it’s more prudent to wait for good news first. Once you’ve gotten the okay, take this opportunity to make your passwords extra secure. Or just give up and make them all Password1234."

 

 

Link to comment
Share on other sites

Anna's Mom- It isn't an infection. It is something that allows hackers to steal little bits of data that you enter - like your passwords. They can only get bits of data - so they might not get all your password, but if they keep grabbing info, they might get enough to get your password. On the sites that are now fixed (like Yahoo), you should change your password. On sites that are not fixed yet, you might want to go ahead & change your password to something new - but not to the same thing you entered on a fixed site.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...