Jord Posted April 10, 2014 Report Posted April 10, 2014 Being all tech guys I'm sure most have heard about this but I thought it would probably be a good idea to share it. There's a bug in OpenSSL which could have compromised accounts. http://www.bbc.co.uk/news/technology-26969629 The big sites to change are listed in the report below. http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/?utm_cid=mash-com-fb-main-link Quote
AlexM Posted April 12, 2014 Report Posted April 12, 2014 (edited) I'm wating a week or so before I go and redo all the passwords on all my accounts. FFS it's gonna take like 6 hours. EDIT: CHECK DEM C STRINGS BWAR Edited April 12, 2014 by AlexM Quote
ng.aniki Posted April 12, 2014 Report Posted April 12, 2014 (edited) Because not every website has fixed the vulnerability yet... Which is really ridiculous. I am wondering if there would have been a way to push most website to update without openly explaining the vulnerability everywhere, by now most good hackers probably know how to exploit it, and all the website still vulnerable are listed online. Sounds like open market... Do someone here really understand the openSSL vulnerability ? I would like to concretely understand what hackers could get. Do they havve access to stored data on servers ? Allowing them to download huge list of users logins/password ? Or is it more of a case by case vulnerability, where the hacker would need to look for my login information to get it ? Edited April 12, 2014 by ng.aniki Sentura 1 Quote
twiz Posted April 13, 2014 Report Posted April 13, 2014 To my uninformed mind, it sounds like doing nothing is the best thing right now.. as long as you don't give the vulnerable sites reason to put your information in memory, I don't see why they would. Changing your password would definitely put your info in memory, so it seems like laying low is the best strategy until the exploit is fixed.. But again, I'm not a programmer or really familiar at all with the details of the exploit, so correct me if I'm wrong. Quote
ng.aniki Posted April 13, 2014 Report Posted April 13, 2014 (edited) Not specially. if the bug is fixed on a website, it is better to change your password so if a hacker got your data he cannot access your account.. If you are using lastpass, you can see which of your passwords are safe to change: Click on the lastpass icon > Tools > Security check. Edited April 13, 2014 by ng.aniki Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.