|
|
|
|
| Author |
|
|
Team California
|
"Heartbug" virus question:
Do I now have to change my PW on every site that has the padlock icon on address bar, like ebay/paypal, etc...?
Is it too late? Did the boogeyman in Russia, or wherever, already steal all my info?  Enquiring minds want to know. |
||
04-09-2014, 06:13 PM
|
|
|
It'll be legen-waitforit
Join Date: Jan 2002
Location: Calgary, Canada
Posts: 6,979
|
No only some sites are affected. OpenSSL sites, it's been in the wild a long time so they would have got what they needed by now
|
||
|
04-09-2014, 07:28 PM
|
|
|
Back in the saddle again
Join Date: Oct 2001
Location: Central TX west of Houston
Posts: 55,915
|
No point in changing your password until you have confirmed that the site has "fixed the glitch". If the site hasn't updated to mitigate the bug, and you change your password, then you are potentially just giving them your new password.
__________________
Steve '08 Boxster RS60 Spyder #0099/1960 - never named a car before, but this is Charlotte. '88 targa  SOLD 2004 - gone but not forgotten
|
||
|
04-09-2014, 07:29 PM
|
|
|
Registered
|
If you are concerned about the sites you visit, Qualsys has updated their SSL test to check for Heartbleed vulns.
https://www.ssllabs.com/ssltest/index.html |
||
|
04-10-2014, 02:15 AM
|
|
|
You do not have permissi
Join Date: Aug 2001
Location: midwest
Posts: 39,850
|
There's supposedly a civilian version of Stuxnet virus which can jump air gaps:
BadBios Virus: 5 Fast Facts You Need to Know | HEAVY The “BadBIOS” virus that jumps airgaps and takes over your firmware – what’s the story? | Naked Security Ultimate power corrupts, ultimately. |
||
|
04-10-2014, 05:46 AM
|
|
|
Registered
Join Date: Mar 2002
Location: My House
Posts: 5,345
|
Quote:
Basically if a site is using this version of OpenSSL for their encryption then someone can listen for the traffic, copy it, decrypt it and your username and password for that password might be in it. If it is, well you could have given access to your bank to someone. This is why two-factor authentication is so important for things that matter. If you had a regular password and then a one time password from somewhere else then getting the one password would not compromise you. The one time password you also have changes every time and you have some 'thing' either an app on your computer/smart device or a fob that creates the one time password. They would get that password which isn't good for more than one login. Anyway. I hate it when encryption bugs happen.
__________________
-The Mikester I heart Boobies |
||
|
04-10-2014, 07:09 AM
|
|
|
|
Run smooth, run fast
Join Date: Aug 2008
Location: South Carolina
Posts: 13,447
|
C|NET's list of top 100 sites that have been patched...
...along with those that haven't... and those that supposedly were never vulnerable:
Heartbleed bug: Check which sites have been patched - CNET
__________________
- John "We had a band powerful enough to turn goat piss into gasoline." |
||
|
04-13-2014, 11:36 PM
|
|
Porsche 944
