topic title: OpenSSL compromised
Posts: 850
fatmac
Joined: 26 Jul 2012
#1
According to another website I frequent, OpenSSL has had a security hole for a couple of years(?).
Just heard on BBC news that the Secure Sockets Layer encryption has been breached and that logging on to things like your bank can give your password to criminals. DO NOT go on to change your passwords as this will still allow them to get in later.

STAY away from any site you have to use a password for that you don't want anyone to get into - like your bank.

This is not a scare but seems genuine.


http://www.bbc.co.uk/news/technology-26954540

http://www.huffingtonpost.com/2014/04/08/heartbleed-66-percent_n_5112793.html

http://www.gizmodo.co.uk/2014/04/heartbleed-why-the-internets-gaping-security-hole-is-so-scary/


Posts: 4,164
rokytnji
Joined: 20 Feb 2009
#2
In case you wanna check if paranoid


https://www.ssllabs.com/ssltest/


By the way, Linux Tracker passes. Linux Forums org passes. Linux Questions Org passes.

What a pass looks like
https://www.ssllabs.com/ssltest/analyze.html?d=linuxquestions.org



Mepis (http://forum.mepiscommunity.org/)?


https://www.ssllabs.com/ssltest/analyze.html?d=forum.mepiscommunity.org


Beats the heck out of me on that one.
Posts: 667
jdmeaux1952
Joined: 01 Nov 2013
#3
Two Years??? Are they sure it's not the NSA playing around?
Posts: 2,238
dolphin_oracle
Joined: 16 Dec 2007
#4
I use LastPass for password management, and they have a tool that tells you which of your accounts (that it manages, of course) are affected, and if the sites have fixed the issue, and when to change your password. Pretty nice.

While working through that last night, I also discovered that they have a tool to tell you when your usernames are involved in a security breach.
Posts: 0
Alanarchy
#5
Are they sure it's not the NSA playing around?
As in "Let's ramp up the fear factor to keep the proles under control!" sort of thing?


http://arstechnica.com/security/2014/04/heartbleed-vulnerability-may-have-been-exploited-months-before-patch/


Update - There is now a Heartbleed Bug web-site:


http://heartbleed.com/
Posts: 0
Alanarchy
#6
Running on the belief that you can't believe anything a government agency says until it has been officially denied:

"Heartbleed bug denial by NSA and White House"


http://www.bbc.co.uk/news/technology-27004713
Posts: 630
Eino
Joined: 12 Oct 2012
#7
Here is an EFF e-mail that I just got on the subject.
Here I go changing passwords from site to site, but I am giving them time to update everything.


https://supporters.eff.org/civicrm/mailing/view?reset=1&id=612
Posts: 630
Eino
Joined: 12 Oct 2012
#8
The NSA exploited it for years.

http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html
Posts: 667
jdmeaux1952
Joined: 01 Nov 2013
#9
Eino wrote: The NSA exploited it for years.

http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html
SEE! I told you so.