Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
Heartbleed: The latest security flaw is a part of some of the most used cryptography for websites an
And any use of the exposure, so far, can't be traced.
If you've put any personal or financial information anywhere on the internet, change your passwords.
Google search for Heartbleed.
"I used to think the worst thing in life was to be all alone. It's not. The worst thing in life is to end up with people who make you feel all alone." Robin Williams
Comments
This is about as close to an Internet Apocalypse as we can get. The only way it could have been worse would be if a hacker syndicate discovered this and used it without telling anyone.
Couple of things: It affects OpenSSL, which means smaller sites, and ironically, more security conscious sites are going to be affected. Larger, commercial sites are likely using commercial implementations or appliances, so are less likely to be affected. That's just 'less likely', they could still be using OpenSSL in those commercial implementations and commercial appliances. Maybe give vendors a couple days to get things patched before changing your passwords, or if you change them now, change them again in a week, just in case. The fix has been made available, but it may take a little time before everyone is patched.
http://heartbleed.com has the information from one half of the people who found the bug.
I can not remember winning or losing a single debate on the internet.
Just saw this on Steam earlier...
Was it a hack or a dev message?
Most Linux distributions should have an easy way to patch their systems by now. It usually involves a simple package update for OpenSSL, through yum or apt-get, depending on your distribution.
If you are a user, there is nothing you can do to fix the bug. I strongly suggest you use Chromebleed extension if you browse with Chrome. This will warn you if you are visiting a site which is vulnerable to the bug. If you visit a site which hasn't been patched, don't log in to that site.
This is probably a horrible idea, but here is a site that you can use to test the various services that you use on a regular basis (your bank, bill pay services, etc.).
http://filippo.io/Heartbleed/
I can not remember winning or losing a single debate on the internet.
Changing your passwords won't do anything unless the site you are changing it on has already issued a new SSL (with an updated version of OpenSSL).
The internet isn't going to end over this.
You make me like charity
More true words have ever been spoken
I'm remarkably apathetic about this.
It's the internet. Every bit of data streams through dozens, sometimes hundreds, of various hops, routers, switches, servers, and gizmos.
To think that you can have 100% security is a fool's notion, even with the most sophisticated cryptology available.
I've heard it said often: You only lock the door on your house to keep honest people honest.
If someone wants your data/stuff bad enough - no amount of security is enough. Nothing is foolproof. All security does, be it digital or physical, is throw more levels of complexity at it, raising the stakes to the would-be thief for the question "Is it really worth the trouble/time/expense/risk to get at this?"
For some items, that's an unequivocal "yes" no matter what level of security you employ, and for those items, they just shouldn't be on the internet in the first place. For someone trying to skim my empty bank account - yeah, it's a inconvenient pain in the ass should it get hacked, but so is trying to do all my banking offline. It's picking the lesser of the two evils.
There are probably hundreds of hackers out there with my forum credentials for this forum. Not that this forum was part of this particular bug, but this forum doesn't employ industrial-grade security either and probably wouldn't even know if they were hacked at all unless it was really sloppy. But what benefit do they gain in having access to this forum? Nothing... unless it happens to be the same credentials for online gaming, or work login, or bank account. And you can be sure that they have tried, and are trying with yours.
It's the open internet - there's a price to be paid for such openness, and that's no expectation for privacy or secrecy.
Yeah..or you could be like me and not have any useful info for anyone to see.
So this is the new panic situation....2014's version of the year 2000