Results 1 to 10 of 12
Thread: Heartbleed bug
-
April 9th, 2014, 07:46 PM #1
Heartbleed bug
I do not know if this will affect this board or not.
NOT a joke.
http://heartbleed.com/
-
April 9th, 2014, 08:00 PM #2
Re: Heartbleed bug
I wonder if I could use one of those online foreign language translators for that?
I called to check my ZIP CODE!....DY-NO-MITE!!!
-
April 9th, 2014, 08:32 PM #3Super Member
- Join Date
- Oct 2013
- Location
-
'burbs,
Pennsylvania
(Bucks County) - Posts
- 788
- Rep Power
- 21474847
Re: Heartbleed bug
Here’s a tool my daughter who works with 'futers sent me. Use it to check individual sites (make sure to be very exact such as testing mail.yahoo.com instead of just Yahoo.com):
http://filippo.io/Heartbleed/
I've checked my key sites and they are clean.
OTOH, I can't get it to work with PAFOA.
-
April 9th, 2014, 08:35 PM #4
Re: Heartbleed bug
OTOH, I can't get it to work with PAFOA.
-
April 9th, 2014, 08:35 PM #5Grand Member
- Join Date
- Aug 2011
- Location
-
Moscow,
Pennsylvania
(Lackawanna County) - Posts
- 4,029
- Rep Power
- 21474853
Re: Heartbleed bug
Ni its not and unfortunately its a hit too late. Its been in the wild fr quite some time. Now everyone is scrambling to patch it. When it was announced it wasnt such a big deal and then blew up overnight as the brevity of it hit home. I had over 40 emails relating to this alone this morning.
-
April 9th, 2014, 08:38 PM #6Grand Member
- Join Date
- Aug 2011
- Location
-
Moscow,
Pennsylvania
(Lackawanna County) - Posts
- 4,029
- Rep Power
- 21474853
Re: Heartbleed bug
Its not sites like pafoa that you need to be worried about. Its sites that have access to persinably identifiable information or bank account and routing numbers etc. No one wants your username and password. They want what is going to make money.
-
April 9th, 2014, 09:15 PM #7
Re: Heartbleed bug
Unfortunately the patch is not enough to know your site is secure. If a web pirate already seized the private key from the server it is not safe to use until the certificates have also been replaced.
I am waiting on a bunch of replacement certificates
-
April 9th, 2014, 09:17 PM #8Super Member
- Join Date
- Oct 2013
- Location
-
'burbs,
Pennsylvania
(Bucks County) - Posts
- 788
- Rep Power
- 21474847
-
April 9th, 2014, 10:02 PM #9Senior Member
- Join Date
- Feb 2010
- Location
-
Downingtown
(Chester County) - Posts
- 281
- Rep Power
- 26278
Re: Heartbleed bug
It's indeed a major deal. I work for financial services company and we patched for it on Monday night as soon as we got wind of it. We also pulled all of our SSL certificates and Keys and reissued them, since there is no way to know if your site has been compromised. Giant pain in the ass, but you have to assume that you have been hit.
https://bugs.debian.org/cgi-bin/bugr...cgi?bug=743883Last edited by rockstrongo; April 9th, 2014 at 10:05 PM. Reason: add link to exploit.
-
April 9th, 2014, 10:06 PM #10
Re: Heartbleed bug
I had a major panic attack when I heard the news as I have an online site for my practice. Fortunately, they don't use the vulnerable SSL/TSL but I changed all passwords just in case.
I also don't keep SS# and financial info so that reduces the risk.
Bookmarks