Status
Not open for further replies.

MindlessGenius

New Member
Warning! - Serious SSL related Security Issue - Immediate Global attention required!

About the Heartbleed bug...
http://heartbleed.com/

It is highly recommended that you test all secure server you normally use. You can go to this web site:
https://ssltools.geotrust.com/checker/views/certCheck.jsp

To test the server certificate you simply copy paste the address string starting with "https://" (It opens a secure "SSL" socket, and verify and checks for the vulnerability)
To test my own site SSL Mechanism and certificate:
Type this string in the box: https://hermes-computers.ca

Make sure you do test your bank, and every other server you regularly use, else that may have been compromised by the bug....
After you confirm the server, and the bug is patched (The site I provided above will assist you)

You will need to change all your online password for all sites compromised.
If unsure, change all your online passwords anyways (After you test to see if site is fixed or ok)

A later bit of background noise surrounding these issues...
https://www.techdirt.com/articles/20140331/08390426747/security-researchers-find-rsa-even-more-completely-compromised-nsa-than-previously-thought.shtml

http://www.theregister.co.uk/2013/12/21/nsa_paid_rsa_10_million/

Please do keep a watchful eye on this site as it often offers great advise and is a good early warning system

https://eff.org

I hope you will find this informative

All the best!

Guy Deschênes
 

viktik

Level 24
Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.

so the question is in the two years period, how many passwords and supposedly encrypted data has been leaked?

This is big. You need to change password of almost every major website you use.
Facebook, instagram, pininterest, tumblr, twitter, google, yahoo, flickr, youtube, box, dropbox, github.

All our personal and confidential data may be out there in hand some computer geek. And we cannot reverse it. We may change login passwords. But other confidential that consist of our names, address, age, bank account data, cannot be changed. So if those gets leaked then its out there forever.
 
Last edited:

BoraMurdar

Community Manager
Staff member
Verified
Some helpful people have been compiling lists of sites where a password change is indicated. For example, a list of some major sites showing those which need a changed password is at Mashable.

Here are some big sites that were affected and need a password change: Note that these sites and others in a list at the Mashable link cited above are said to have already patched the Heartbleed bug.

  • Yahoo
  • Yahoo Mail
  • Facebook
  • Google
  • Gmail
  • Instagram
  • GoDaddy
  • Pinterest
Here are some major sites that are said to not require a password change:

  • Microsoft
  • eBay
  • Amazon
  • Paypal
  • Hotmail/Outlook
  • AOL
 
Status
Not open for further replies.