Tempest Posted April 9, 2014 Share Posted April 9, 2014 Security Problem in OpenSSL Quote Link to comment Share on other sites More sharing options...
nullPointer Posted April 9, 2014 Share Posted April 9, 2014 Thanks for posting this Tempest. I read about this vulnerability on a separate site as well. It's actually quite concerning considering the multitudes of websites that rely on OpenSSL to protect personal data. Quote Link to comment Share on other sites More sharing options...
Adultery Posted April 9, 2014 Share Posted April 9, 2014 All the ones I used passed the test. :-)Damn heartbleed, it's always something. :-) Quote Link to comment Share on other sites More sharing options...
nullPointer Posted April 11, 2014 Share Posted April 11, 2014 Here's a pretty decent list of popular websites affected by the Heartbleed vulnerability. I believe it's being updated as more sites issue their status and whether or not they are/were affected. It's probably a good time to get out there and change some passwords! Be safe out there everybody!The Heartbleed Hit List: The Passwords You Need to Change Right Now Quote Link to comment Share on other sites More sharing options...
Adultery Posted April 11, 2014 Share Posted April 11, 2014 Actually they say you're supposed to wait until they fix compliance. The worst thing you can do is log on, your data will end up in the buffer then. Quote Link to comment Share on other sites More sharing options...
nullPointer Posted April 11, 2014 Share Posted April 11, 2014 I think most of the affected sites on that list recommending that users change their passwords are sites that were affected but have been (ostensibly) patched in the meantime. But yeah I mean you might be screwed either way really. 1 Quote Link to comment Share on other sites More sharing options...
headkaze Posted May 3, 2014 Share Posted May 3, 2014 Free Can Make You Bleed: the Underresourced Open Source Quote Link to comment Share on other sites More sharing options...
tthurman Posted May 4, 2014 Share Posted May 4, 2014 In the end, it seems like this was sort of swept under the rug.I used the lastpass https://lastpass.com/heartbleed/ site to assist determining if there was a possible breach on sites I use, and nearly everyone had old certificates. Some of them not real old, but old enough never the less. The popular consensuses was to "wait to hear from these institutions", and guess what? I haven't heard from any of them!So did they determine that they didn't have any possible problems, or just kept their mouth shut to limit the possible exposure any type of revelation might bring? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.