Heartbleed Bug

Lastpass says all my sites are clear apart from Rockstar Games Social Club. I'll keep checking periodically over the next couple of weeks in case that changes.
 
Lastpass said the below sites had problems.

123rf.com
imgur.com
o2.co.uk
rockstargames.com
yahoo.com

With 123rf.com & imgur.com still not showing an updated cert.
 
Not really as my online presence is minimal, and whilst the bug has been around a while, the main sites I use haven't been affected from what I can tell or fixed. Access to online banking requires an RSA token anyway - which is the only thing I'd be really worried about.
 
I use Lastpass and find it works pretty well for what it is for.
Also has Android and IOS apps which is useful.
Guess it is down to whether you are happy with the 'eggs in one basket' idea.

One interesting point. Their own site WAS vulnerable to this bug but the data is encrypted on your own machine before it goes to their servers so any data stolen would already have encryption.
 
Just gone to log-in to my on-line banking and was happy to see this.

Customers may be aware of media interest in an external Internet related issue called ‘Heartbleed’. Halifax takes the security of our banking services very seriously and we would like to reassure our customers that our Online Banking systems are not exposed to this vulnerability. As such customers are advised that there is currently no need for them to take any action with regards to changing Halifax passwords.
Click to expand...
 
thedoc46 said:
Apologies if this is already being discussed but i didn't see it on the first page of GD.

Anyway, so cutting a long story short, hackers pretty much have EVERYTHING.

http://heartbleed.com/

Any Credit Cards we've ever used, any p/w for any forum, e-commerce sites, fleabay, amazon, paypal..... well to round it up, the entire internet which relied on SSL, has been compromised.

Is it even worth changing all your passwords, I mean, they're probably already working on a new hack, that won't be discovered for another couple of yrs..

I've just had all my credit cards replaced after using them in Target (USA) over xmas. Which was hacked over that period.

Does it worry you ?
Click to expand...

Just OpenSSL is efected.
 
i have loads of password across the net but only a few which are money involved like

paypal , my bank which gives an error when checking ? coop

what about forums is it even worth changing your passwords for a forum .

also what about xbox.com and battlenet


could be a long long night if i have to change passwords on all of them :(
 
Edward78 said:
Just OpenSSL is efected.
Click to expand...

That is the problem, a lot (most?) websites will use OpenSSL for their SSL. If only everyone has been using Microsoft IIS for their websites this wouldn't be an issue ;)

It can also affect web pages for management of security devices such as firewalls or Certain SSL VPNs.
 
It's really surprising that this bug has been known about for 2 years and no-one has fixed it. I get the feeling that companies are looking on Open Source software much more favourably as the large bills from MS, Oracle, IBM etc for upgrading their proprietary products start to become apparent. Hope this doesn't affect that attitude.
 
You must log in or register to reply here.
Back
Top Bottom