Heartbleed bug

**djpup** · April 9th, 2014, 07:46 PM

I do not know if this will affect this board or not.
NOT a joke.

http://heartbleed.com/

**Emptymag** · April 9th, 2014, 08:00 PM

I wonder if I could use one of those online foreign language translators for that?

**frankski** · April 9th, 2014, 08:32 PM

Here’s a tool my daughter who works with 'futers sent me. Use it to check individual sites (make sure to be very exact such as testing mail.yahoo.com instead of just Yahoo.com):

http://filippo.io/Heartbleed/

I've checked my key sites and they are clean.

OTOH, I can't get it to work with PAFOA.

**djpup** · April 9th, 2014, 08:35 PM

OTOH, I can't get it to work with PAFOA.

Guns scare it.

**NathanB** · April 9th, 2014, 08:35 PM

Ni its not and unfortunately its a hit too late. Its been in the wild fr quite some time. Now everyone is scrambling to patch it. When it was announced it wasnt such a big deal and then blew up overnight as the brevity of it hit home. I had over 40 emails relating to this alone this morning.

**NathanB** · April 9th, 2014, 08:38 PM

Its not sites like pafoa that you need to be worried about. Its sites that have access to persinably identifiable information or bank account and routing numbers etc. No one wants your username and password. They want what is going to make money.

**PaleDriver** · April 9th, 2014, 09:15 PM

Unfortunately the patch is not enough to know your site is secure. If a web pirate already seized the private key from the server it is not safe to use until the certificates have also been replaced.

I am waiting on a bunch of replacement certificates

**frankski** · April 9th, 2014, 09:17 PM

Originally Posted by NathanB

Its not sites like pafoa that you need to be worried about. Its sites that have access to persinably identifiable information or bank account and routing numbers etc. No one wants your username and password. They want what is going to make money.

True as long as you use different logins and passwords for finance and social media.

**rockstrongo** · April 9th, 2014, 10:02 PM

It's indeed a major deal. I work for financial services company and we patched for it on Monday night as soon as we got wind of it. We also pulled all of our SSL certificates and Keys and reissued them, since there is no way to know if your site has been compromised. Giant pain in the ass, but you have to assume that you have been hit.

https://bugs.debian.org/cgi-bin/bugr...cgi?bug=743883

**mingomom** · April 9th, 2014, 10:06 PM

I had a major panic attack when I heard the news as I have an online site for my practice. Fortunately, they don't use the vulnerable SSL/TSL but I changed all passwords just in case.

I also don't keep SS# and financial info so that reduces the risk.