Heartbleed bug

[nitz]

Flaw in open SSL - very huge apparently. I believed it when i got an email from SC saying for security reasons were logging everyone out, sign in with a new password.

This nicely produced website has all the details:

http://heartbleed.com

No details of bank details being robbed - yet..

"All good, dubstepforum.com seems fixed or unaffected!"
http://filippo.io/Heartbleed/#dubstepforum.com

[mks]

Anyone using Yahoo among many other sites, change your password.

[titchbit]

Any other sites besides soundcloud and yahoo being affected that we know?

[Phigure]

Basically every service that used OpenSSL (like 2/3 of the internet) and hasn't updated their systems with the fix

The worst thing about this exploit is that it doesn't really leave a trace so it's impossible to know if you've been affected. Also the exploit allows the private keys for SSL certificates to be stolen so all past SSL traffic can be decrypted

[rockonin]

I'm using Norton 360 Identity safe login feature.

[Phigure]

I just googled what the fuck that even is and it turns out they use SSL too

Change your passwords to be on the safe side

[mks]

Flickr and Imgur accounts were compromised. Tumblr has patched their servers but you need to update your passwords on any accounts that you have on these sites.

https://en.wikipedia.org/wiki/Heartbleed_bug

[nitz]

"FBI"


the ironic

[_ronzlo_]

Diagnostic tool:

http://rehmann.co/projects/heartbeat/

[m8son666]

god forbid someone hacks my dsf account

[AxeD]

Yeah, so the important stuff is not protected with this crap right?
I use 4 different passwords now anyways.

[Jizz]

urr Soundcloud's not letting me change my password, apparently its a "bad gateway 502"

[Forum]

What about things like amazon, paypal, o2 that have my bank details?

I'll never remember a whole load of new passwords

[m8son666]

meh as always i am apathetic about this i have the same password for everything and can't be arsed to change them

inb4 all my money gets taken

[Phigure]

What about things like amazon, paypal, o2 that have my bank details?

I'll never remember a whole load of new passwords

if you used the same password on a site that was compromised, then attackers can try to use that username/email and password pair on other sites like amazon, paypal, etc, so yeah i'd probably change passwords

the odds are probably pretty low but it cant hurt to be safe

edit:

Yeah, so the important stuff is not protected with this crap right?

nope. basically any "secure" site uses ssl (if you see https in the url and/or the little padlock in the address bar, it's using ssl), and openssl specifically is the default implementation on apache and nginx servers (which are 2/3 of servers)

[_ronzlo_]

So if you use the same passwords for porn as you do for banking...

[hifi]

what i do is i just add an extra number so: password, password1, password2, etc hacker would never guess to add that extra #

[Phigure]

except that its not a dude sitting at a computer screen typing in your password, anyone competent enough to be doing this sort of attack is going to have code thatll try permutations of your password (capitalize certain letters, add numbers to the end, etc)

[nousd]

seriously
wouldn't a smart bug track attempted password changes?

btw, thought this thread was about the ebola outbreak
(which could be way more serious)

[_ronzlo_]

Right, except this isn't a case of a single or handful of possibly unsafe entities sneakily trying to crack your system in realtime:

rather, this means that although no massive breaches have been reported yet, every single site employing the compromised outdated protocols has its backdoor essentially unlocked for anyone inclined to do so, and if any of them were to be compromised, they can have a go at anything cached on your system (passwords, $$$ info, yadda) very easily. Those security certificates you get from trusted sites mean less than nothing in this scenario.