Jump to content

Heartbleed security bug


Jord

Recommended Posts

Being all tech guys I'm sure most have heard about this but I thought it would probably be a good idea to share it. There's a bug in OpenSSL which could have compromised accounts.

 

http://www.bbc.co.uk/news/technology-26969629

 

The big sites to change are listed in the report below.

 

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/?utm_cid=mash-com-fb-main-link

Link to comment
Share on other sites

Because not every website has fixed the vulnerability yet... Which is really ridiculous.

I am wondering if there would have been a way to push most website to update without openly explaining the vulnerability everywhere, by now most good hackers probably know how to exploit it, and all the website still vulnerable are listed online. Sounds like open market...

 

 

 

Do someone here really understand the openSSL vulnerability ? I would like to concretely understand what hackers could get.

Do they havve access to stored data on servers ? Allowing them to download huge list of users logins/password ?

Or is it more of a case by case vulnerability, where the hacker would need to look for my login information to get it ?

Edited by ng.aniki
Link to comment
Share on other sites

To my uninformed mind, it sounds like doing nothing is the best thing right now.. as long as you don't give the vulnerable sites reason to put your information in memory, I don't see why they would. Changing your password would definitely put your info in memory, so it seems like laying low is the best strategy until the exploit is fixed..

But again, I'm not a programmer or really familiar at all with the details of the exploit, so correct me if I'm wrong.

Link to comment
Share on other sites

Not specially. if the bug is fixed on a website, it is better to change your password so if a hacker got your data he cannot access your account..

 

If you are using lastpass, you can see which of your passwords are safe to change:

 

lastpass.jpg

 

Click on the lastpass icon > Tools > Security check.

Edited by ng.aniki
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...