[OT] Security bug

Have a question or want to show off your project? Post it! No Registration Necessary.  Now with pictures!

Threaded View
Be careful out there!

http://www.washingtonpost.com/news/morning-mix/wp/2014/04/09/major-bug-called-heartbleed-exposes-data-across-the-internet/

<quote>
A newly discovered security bug nicknamed Heartbleed has
exposed
millions of usernames, passwords and reportedly credit card
numbers - a major problem that hackers could have exploited
during
the more than two years it went undetected. <end quote>

http://www.thewire.com/technology/2014/04/what-you-need-to-know-about-heartbleed-the-new-security-bug-scaring-the-internet/360366/

<quote>
The shortest version: You'll have to change all of your
passwords,
and temporarily avoid any site that is known to be
vulnerable. That
sounds a bit alarmist, we know, but now that internet and
security
experts know a little more about the security vulnerability,
it's
becoming more and more clear that Heartbleed is nothing to
mess
with.<end quote>

http://www.cnet.com/news/how-to-protect-yourself-from-the-heartbleed-bug/

etc.

If you go to that last one, there is a link, so you can
check the sites you use:

https://lastpass.com/heartbleed/



Re: [OT] Security bug
On Thursday, April 10, 2014 12:13:56 PM UTC-5, BEI Design wrote:
Quoted text here. Click to load it
I read this earlier today and it is my understanding that it's mostly aimed at Ubuntu users.  But that's not to say it can't affect more of us.  But the site I read it on said to keep a close eye on bank and credit card statements.  

Re: [OT] Security bug
:On Thursday, April 10, 2014 12:13:56 PM UTC-5, BEI Design wrote:
:>
:> Be careful out there!  
:>  
:> http://www.washingtonpost.com/news/morning-mix/wp/2014/04/09/major-bug-called-heartbleed-exposes-data-across-the-internet/
:>  
:>  
:I read this earlier today and it is my understanding that it's mostly
:aimed at Ubuntu users.  But that's not to say it can't affect more of us.
:But the site I read it on said to keep a close eye on bank and credit
:card statements.

It's a server bug that made it possible for a remote attacker to
retrieve the contents of the memory of the server.  That means they
could get the encryption keys used by that server, as well as
passwords.  The only sensible thing to do is change the password of
every website you use.  

--  
sig 3

Re: [OT] Security bug
On 4/10/2014 1:13 PM, BEI Design wrote:

Quoted text here. Click to load it
Thanks for the web link. I started changing passwords last night. To add  
insult to injury our big desktop runs on Windows XP. even more reason to  
be extra careful. I asked DH not to use that computer for anything that  
requires a password. He's not a Happy Camper about that.
Juno

Re: [OT] Security bug
Juno wrote:
Quoted text here. Click to load it
<snip>

Quoted text here. Click to load it

Juno, the recommendation is to wait a bit before changing passwords,  
as unless the sites you visit patch the security hole the miscreants  
still have access to the data, so they will just get your *new*  
password(s).  :-(

From  
http://www.thewire.com/technology/2014/04/what-you-need-to-know-about-heartbleed-the-new-security-bug-scaring-the-internet/360366/ :
<quote>
But because each system administrator has to manually fix the  
problem, which takes time, there's really nothing you can do until  
the compromised sites are up and running with an updated version of  
OpenSSL, and a new security certificate in place - a "reset" of the  
encryption used to protect current and archived information on the  
server going forward. [...] Each site affected will have to do the  
same. Until then, stay away from those sites. It could take days, or  
longer, for vulnerable sites to recover from the bug.
<end quote>

I must have several DOZEN log-ons and passwords.  I create a new  
discrete one for every site I visit that requires one (shopping,  
broker, bank, facebook, etc.).  Each set is then stored in a  
password-protected text file on a thumb drive.  After I make all the  
changes, I'll edit that file, too. <sigh>

--  
Beverly
http://www.ickes.us


Re: [OT] Security bug

Quoted text here. Click to load it
Now he's really not a happy camper. since he got an iPad he's always  
checking everything. I keep telling him we  can do things other ways. I  
should say I can do things other ways. He loves computers but I'm the  
one who has to make all the changes, because he doesn't thin he'll do it  
right. Some days it makes me a little crazy.

Site Timeline