Pelican Parts Forums

Pelican Parts Forums (http://forums.pelicanparts.com/)
-   Off Topic Discussions (http://forums.pelicanparts.com/off-topic-discussions/)
-   -   "Heartbug" virus question: (http://forums.pelicanparts.com/off-topic-discussions/805540-heartbug-virus-question.html)

speeder 04-09-2014 07:13 PM
"Heartbug" virus question:
 
Do I now have to change my PW on every site that has the padlock icon on address bar, like ebay/paypal, etc...?

Is it too late? Did the boogeyman in Russia, or wherever, already steal all my info? :)

Enquiring minds want to know.

stealthn 04-09-2014 08:28 PM
No only some sites are affected. OpenSSL sites, it's been in the wild a long time so they would have got what they needed by now

masraum 04-09-2014 08:29 PM
No point in changing your password until you have confirmed that the site has "fixed the glitch". If the site hasn't updated to mitigate the bug, and you change your password, then you are potentially just giving them your new password.

Paul_Heery 04-10-2014 03:15 AM
If you are concerned about the sites you visit, Qualsys has updated their SSL test to check for Heartbleed vulns.

https://www.ssllabs.com/ssltest/index.html

john70t 04-10-2014 06:46 AM
There's supposedly a civilian version of Stuxnet virus which can jump air gaps:
BadBios Virus: 5 Fast Facts You Need to Know | HEAVY
The “BadBIOS” virus that jumps airgaps and takes over your firmware – what’s the story? | Naked Security

Ultimate power corrupts, ultimately.

mikester 04-10-2014 08:09 AM
Quote:
Originally Posted by Paul_Heery (Post 8007349)
If you are concerned about the sites you visit, Qualsys has updated their SSL test to check for Heartbleed vulns.

https://www.ssllabs.com/ssltest/index.html
Love those guys. Excellent link - thanks for that.

Basically if a site is using this version of OpenSSL for their encryption then someone can listen for the traffic, copy it, decrypt it and your username and password for that password might be in it.

If it is, well you could have given access to your bank to someone.

This is why two-factor authentication is so important for things that matter. If you had a regular password and then a one time password from somewhere else then getting the one password would not compromise you. The one time password you also have changes every time and you have some 'thing' either an app on your computer/smart device or a fob that creates the one time password. They would get that password which isn't good for more than one login.

Anyway.

I hate it when encryption bugs happen.

Heel n Toe 04-14-2014 12:36 AM
C|NET's list of top 100 sites that have been patched...
 
...along with those that haven't... and those that supposedly were never vulnerable:

Heartbleed bug: Check which sites have been patched - CNET


All times are GMT -8. The time now is 11:15 AM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.0
Copyright 2025 Pelican Parts, LLC - Posts may be archived for display on the Pelican Parts Website


DTO Garage Plus vBulletin Plugins by Drive Thru Online, Inc.