Please read, very important:
http://mashable.com/2014/04/09/heart...ites-affected/
Please read, very important:
http://mashable.com/2014/04/09/heart...ites-affected/
oh good Lord
thank you pablo! do you think the eBay and paypal passwords should be changed, too? not that bears have anything there, just wondering
Ask not what bears can do for you, but what you can do for bears. (razz)
When one is in agreement with bears one is always correct. (mae)
bears are back!!!!!!!!!!!!!!!!!!!!!!
To be safe, it wouldn't hurt. You just have to make sure the site has updated their SSL certificate to the new version.
oops... stupid bears didn't understand what you just said
Ask not what bears can do for you, but what you can do for bears. (razz)
When one is in agreement with bears one is always correct. (mae)
bears are back!!!!!!!!!!!!!!!!!!!!!!
Here's one article that explains it in some detail:
http://www.thewire.com/technology/20...ternet/360366/
Basically, changing a password now for a site that hasn't fixed this is pointless.Do you Yahoo? Do you use your Yahoo password on other sites? That password was possibly compromised by the security bug, and you'll have to change it once the bug is fixed. But because each system administrator has to manually fix the problem, which takes time, there's really nothing you can do until the compromised sites are up and running with an updated version of OpenSSL, and a new security certificate in place — a "reset" of the encryption used to protect current and archived information on the server going forward. Yahoo is working on a fix, but isn't there yet with all of its properties. Each site affected will have to do the same. Until then, stay away from those sites. It could take days, or longer, for vulnerable sites to recover from the bug.
i heard about this last night and i imediatley changed my passwords for my e-mails
I just went and changed my yahoo password, was I too early?
Only the gentle are ever really strong.
If a site has not yet updated its OpenSSH, then changing your password right now actually makes you more vulnerable because your data is (albeit slightly) more likely to be in resident memory.
This site is quite informative: http://mashable.com/2014/04/09/heart...ites-affected/
Author of The Road to the Dark Tower, Stephen King: A Complete Exploration of His Work, Life, and Influences and The Dark Tower Companion. Co-editor with Stephen King of the anthology Flight or Fright.
My Yahoo password is unique to Yahoo, so I assume that I would be OK. I did change my Yahoo password to be safe.
I wonder if this explains why so many people have had their Yahoo email accounts hijacked in recent months.
Author of The Road to the Dark Tower, Stephen King: A Complete Exploration of His Work, Life, and Influences and The Dark Tower Companion. Co-editor with Stephen King of the anthology Flight or Fright.
You should never use the same password anywhere else. I can heartily (hehe) recommend using LastPass. It's free and awesome: http://blog.lastpass.com/2014/04/las...bleed-bug.html
How do you know if a site has fixed the problem?
John
You can use an online checker like:
- http://filippo.io/Heartbleed/
- https://lastpass.com/heartbleed/
- http://rehmann.co/projects/heartbeat/
It's not fool-proof, though. The site's SSL certificate has to be dated at least April 8, 2014, which is what these checks look for.
Here's a testing site -- it's not a guarantee, but it's better than nothing: http://filippo.io/Heartbleed/
Author of The Road to the Dark Tower, Stephen King: A Complete Exploration of His Work, Life, and Influences and The Dark Tower Companion. Co-editor with Stephen King of the anthology Flight or Fright.
Here's more info on which top sites were affected and have fixed the vulnerability and which steps should be taken next if necessary: http://www.cnet.com/how-to/which-sit...eartbleed-bug/
LastPass was also affected by HeartBleed.
Author of The Road to the Dark Tower, Stephen King: A Complete Exploration of His Work, Life, and Influences and The Dark Tower Companion. Co-editor with Stephen King of the anthology Flight or Fright.
Not really:
http://blog.lastpass.com/2014/04/las...bleed-bug.html
It wouldn't be crazy to change your master password, though.In summary, LastPass customers do not need to be concerned about their LastPass accounts. Though LastPass employs OpenSSL, we have multiple layers of encryption to protect our users and never have access to those encryption keys.
Read farther down the page:
LastPass utilizes OpenSSL for HTTPS/TLS/SSL encryption and we were therefore “vulnerable” to this bug. For anyone who was using this tool: http://filippo.io/Heartbleed/#lastpass.com to check whether LastPass was vulnerable, it would have shown that we were vulnerable until this morning, when we restarted our servers after the patched OpenSSL software update.
Author of The Road to the Dark Tower, Stephen King: A Complete Exploration of His Work, Life, and Influences and The Dark Tower Companion. Co-editor with Stephen King of the anthology Flight or Fright.
That's right, but LastPass doesn't hold the keys to your encrypted data, that always stays on your computer, which is why it's so cool and safe.
Thanks everyone for the info!
John
I changed the password to my treehouse!
All that's left of what we were is what we have become.