Heartbleed Bug - Yahoo & Others Affected

The machines we love to hate

Moderator: Wiz Feinberg

Post Reply
User avatar
Jim Cooley
Posts: 1831
Joined: 23 Apr 2010 9:12 am
Location: The 'Ville, Texas, USA

Heartbleed Bug - Yahoo & Others Affected

Post by Jim Cooley »

Links to three website reports regarding the recently discovered Heartbleed bug. It's looks nasty.

http://heartbleed.com/

http://www.cnet.com/news/heartbleed-bug ... passwords/

http://www.cnet.com/news/how-to-protect ... bleed-bug/
Hey, mister, how do you pedal that thing anyway?

"The worst an honest man can do is make an honest mistake" - Augustus McCrae
"From the sweet grass to the packing house, birth 'til death, we travel between the eternities" - Prentiss Ritter

Too many steels, amps & other stuff, and an open mind. I have tube amp bias.
Top
User avatar
Paul Arntson
Posts: 1375
Joined: 8 Jun 2004 12:01 am
Location: Washington, USA

Post by Paul Arntson »

Thanks for posting this. It appears to be a big deal.
At the very lest, after our banks and stuff have had time to upgrade, its time to change all passwords.
Excel D10 8&4, Supro 8, Regal resonator, Peavey Powerslide, homemade lap 12(a work in progress)
Top
User avatar
Wiz Feinberg
Posts: 6103
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA
Contact:
Contact Wiz Feinberg

Post by Wiz Feinberg »

The best advice is that if you intend to change passwords, do so on websites that test immune to the exploit. If you change them on sites that are not yet patched and which are now being probed by hackers, your newly changed password might be bled out.

All of this is very iffy right now. I was forced to change my password for Domaintools.com to use it. But, after testing the site, it only received a B and C for its own configuration security.

Test websites using SSL via the Qualys SSL Labs Tester.

Also, watch out for fake email messages about clicking to reset your password on this site or that site. Treat them as suspicious unless you use a mouse and can hover over the links to reveal the actual domain linked to. Otherwise, play it safe and log on directly, from saved bookmarks, or memory. Watch out for typos and typo-squatter websites set up as phishing sites.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
Top
User avatar
b0b
Posts: 29084
Joined: 4 Aug 1998 11:00 pm
Location: Cloverdale, CA, USA
Contact:
Contact b0b

Post by b0b »

Here's a very good summary of which major web sites were affected:

http://mashable.com/2014/04/09/heartble ... -affected/

The Steel Guitar Forum is NOT affected by this bug, as we do not use OpenSSL on our server.

The best way to keep passwords safe is to use a different password on every site, and keep them in a little notebook near your computer. A hacker can't ever get that.
-๐•“๐•†๐•“- (admin) - Robert P. Lee - Recordings - Breathe - D6th - Video
Top
User avatar
Paul Arntson
Posts: 1375
Joined: 8 Jun 2004 12:01 am
Location: Washington, USA

Post by Paul Arntson »

Thanks so much for that website, b0b!!!!
Excel D10 8&4, Supro 8, Regal resonator, Peavey Powerslide, homemade lap 12(a work in progress)
Top
User avatar
Jim Cooley
Posts: 1831
Joined: 23 Apr 2010 9:12 am
Location: The 'Ville, Texas, USA

Post by Jim Cooley »

Below is a link you Norton's Safeweb page. You can use it to check whether specific websites are vulnerable.

http://safeweb.norton.com/heartbleed
Top
Post Reply

Return to โ€œComputersโ€