rivonia
Active member
On all news channels and papers. Please do check read up on it. Evidently the hackers are into it big time world wide. Called bleeding heart.
Peter
Peter
Alert for Passwords/banking/C.C's etc
- Thread starter rivonia
- Start date
prv
Well-known member
The attack is actually called "heartbleed", because it involves exploiting the heartbeat function in certain versions of the TLS protocol, and data is leaked (as in bleeding) from the server process's memory space.
The vulnerability exists only in certain versions of the OpenSSL library, which is widely but not universally used. It tends to be associated with Apache / open source / internet-native type systems, whereas corporate / enterprise / banking types are more likely to be using a vendor-specific commercial crypto system. Though this is not a hard-and-fast rule.
Pete
The vulnerability exists only in certain versions of the OpenSSL library, which is widely but not universally used. It tends to be associated with Apache / open source / internet-native type systems, whereas corporate / enterprise / banking types are more likely to be using a vendor-specific commercial crypto system. Though this is not a hard-and-fast rule.
Pete
Poignard
Well-known member
Thank you for explaining that. I think I will start keeping my money under the mattress again.
GHA
Well-known member
On radio 4 now, not much point changing passwords until you know if the provider actually has a problem and if so, has fixed it.
KellysEye
Active member
It's not banks/cc's it's things like Gmail, Google, Facebook etc. MS Hotmail if fine it doesn't use Open SSL.
GHA
Well-known member
Some test sites in here to check if a particular site is OK.
http://krebsonsecurity.com/2014/04/heartbleed-bug-what-can-you-do/
Seems safe in here
http://filippo.io/Heartbleed/#Www.Ybw.Com
http://krebsonsecurity.com/2014/04/heartbleed-bug-what-can-you-do/
Seems safe in here
http://filippo.io/Heartbleed/#Www.Ybw.Com
Mistroma
Well-known member
At least it hit the news on a good day for me. I'm getting ready to fly back out to my boat for a 6-7 month cruise and had planned to update my passwords a couple of days ago. However, I had some last minute things to sort out and decided to leave the task until tomorrow. So at least it saved the effort of changing them and then having to repeat the process a couple of days later.
At least the process isn't too troublesome. I've been using software called Password Safe for about 12 years to manage my password list. It was originally designed by Bruce Schneier, is open source and free, so that was good enough reason to start using it many years ago. It still seems adequate to the task but I'm certain there are plenty of other similar free programs around.
http://passwordsafe.sourceforge.net/index.shtml
Well worth considering something like this to manage your passwords if you are now considering changing them.
At least the process isn't too troublesome. I've been using software called Password Safe for about 12 years to manage my password list. It was originally designed by Bruce Schneier, is open source and free, so that was good enough reason to start using it many years ago. It still seems adequate to the task but I'm certain there are plenty of other similar free programs around.
http://passwordsafe.sourceforge.net/index.shtml
Well worth considering something like this to manage your passwords if you are now considering changing them.
Last edited:
BrendanS
Well-known member
There is, if you use the same password across different websites. Change your password on sites which have fixed the problem AND have recertified. Change your password on sites which haven't had a problem, if you use the same password on more than one site. If your commonly used password is out in the open with the same username, brute force (very easy to do, competent hackers can use same username and password against loads of sites and see if it works)can use that info. When sites which aren't fixed and don't have new certificates sort themselves out, change your password on those as well.
Use a different password on every site, to avoid some of these issues in the future. Especially on email, banking and those where you purchase things.
Cariadco
Active member
I've changed all my passwords to 'incorrect'.....
Everytime I get it wrong, a message flashes up 'Your password is Incorrect'
Simples....?
Everytime I get it wrong, a message flashes up 'Your password is Incorrect'
Simples....?
wazza
Member
That has to be the safest place for it really... Change it into the currency you want the off you go.!