Warning! - Serious SSL related Security Issue - Immediate Global attention required!

Status
Not open for further replies.
M

MindlessGenius

New Member
Thread author
Verified
May 24, 2013
15
Warning! - Serious SSL related Security Issue - Immediate Global attention required!

About the Heartbleed bug...
http://heartbleed.com/

It is highly recommended that you test all secure server you normally use. You can go to this web site:
https://ssltools.geotrust.com/checker/views/certCheck.jsp

To test the server certificate you simply copy paste the address string starting with "https://" (It opens a secure "SSL" socket, and verify and checks for the vulnerability)
To test my own site SSL Mechanism and certificate:
Type this string in the box: https://hermes-computers.ca

Make sure you do test your bank, and every other server you regularly use, else that may have been compromised by the bug....
After you confirm the server, and the bug is patched (The site I provided above will assist you)

You will need to change all your online password for all sites compromised.
If unsure, change all your online passwords anyways (After you test to see if site is fixed or ok)

A later bit of background noise surrounding these issues...
https://www.techdirt.com/articles/2...compromised-nsa-than-previously-thought.shtml

http://www.theregister.co.uk/2013/12/21/nsa_paid_rsa_10_million/

Please do keep a watchful eye on this site as it often offers great advise and is a good early warning system

https://eff.org

I hope you will find this informative

All the best!

Guy Deschênes
 
viktik

viktik

Level 25
Verified
Well-known
Sep 17, 2013
1,492
Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.

so the question is in the two years period, how many passwords and supposedly encrypted data has been leaked?

This is big. You need to change password of almost every major website you use.
Facebook, instagram, pininterest, tumblr, twitter, google, yahoo, flickr, youtube, box, dropbox, github.

All our personal and confidential data may be out there in hand some computer geek. And we cannot reverse it. We may change login passwords. But other confidential that consist of our names, address, age, bank account data, cannot be changed. So if those gets leaked then its out there forever.
 
Last edited:
BoraMurdar

BoraMurdar

Community Manager
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
Some helpful people have been compiling lists of sites where a password change is indicated. For example, a list of some major sites showing those which need a changed password is at Mashable.

Here are some big sites that were affected and need a password change: Note that these sites and others in a list at the Mashable link cited above are said to have already patched the Heartbleed bug.

  • Yahoo
  • Yahoo Mail
  • Facebook
  • Google
  • Gmail
  • Instagram
  • GoDaddy
  • Pinterest
Here are some major sites that are said to not require a password change:

  • Microsoft
  • eBay
  • Amazon
  • Paypal
  • Hotmail/Outlook
  • AOL
 
  • Like
Reactions: Koroke San and Michael_Blunt
Exterminator

Exterminator

Community Manager
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
I know Yahoo & Google have both updated a couple days back
 
Status
Not open for further replies.

Similar threads

CyberTech
    • +Reputation
    • Like
Atlassian warns of exploit for Confluence data wiping bug, get patching
Replies
0
Views
636
News Archive
CyberTech
CyberTech
Gandalf_The_Grey
    • +Reputation
    • Like
Kodi discloses data breach after forum database for sale online
Replies
0
Views
991
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • +Reputation
    • Like
    • Applause
Technology How Troy Hunt has ended up playing an oddly central role in global cybersecurity.
Replies
0
Views
535
Technology News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top