Heartbleed bug

speakingtohe · 04-09-2014, 09:06 AM

Revenue Canada has shut down their internet services de to the heartbleed bug.

http://www.cra-arc.gc.ca/menu-eng.html#msg

http://lifehacker.com/what-the-heart...you-1560801201

http://heartbleed.com/

More than a smidge scary

Helen

jersysman · 04-09-2014, 12:37 PM

I'll say. It's always something!

Mike L · 04-09-2014, 12:47 PM

A couple of sites that I visit regularly seem to be off the air at present. I don't know it it's directly because of Heartbleed, but it is quite possible.

Mike

Hamlet53 · 04-09-2014, 04:43 PM

I found that a lot of web sites that I normally visit daily were unreachable starting late afternoon; Pandora, Charles Schwab, . . . All were back online this morning though.

49Kat · 04-10-2014, 12:16 AM

A member of the Malwarebytes message board posted a link regarding sites that had been tested for vulnerability. The results are here:

https://github.com/musalbas/heartble...er/top1000.txt

Interesting list. So far, I don't see anything that concerns me re sites I log in to. The list is not comprehensive, however, and not all the sites I deal with re finances are on that list either.

Just for funzies, I searched for adobe, and the list shows it is not vulnerable to the bug.

Yahoo...well, it is, from the look of things.

MickiTee · 04-10-2014, 06:16 AM

This from CNET this morning about protecting yourself http://www.cnet.com/news/how-to-prot...tag=CAD1acfa04

Prestidigitweeze · 04-10-2014, 06:32 AM

Here's a site for checking present and past site vulnerability:

https://lastpass.com/heartbleed/

jswinden · 04-10-2014, 12:01 PM

Quote:

Originally Posted by 49Kat

A member of the Malwarebytes message board posted a link regarding sites that had been tested for vulnerability. The results are here:

https://github.com/musalbas/heartble...er/top1000.txt

Interesting list. So far, I don't see anything that concerns me re sites I log in to. The list is not comprehensive, however, and not all the sites I deal with re finances are on that list either.

Just for funzies, I searched for adobe, and the list shows it is not vulnerable to the bug.

Yahoo...well, it is, from the look of things.

The list you linked to might show some fixed sites. For example, Google, Amazon, and Facebook were all reported to be vulnerable yet this list shows them not to be. If they were vulnerable before a fix was made, people who used them are still at risk. So take that list with a grain of salt.

eschwartz · 04-10-2014, 01:00 PM

Quote:

Originally Posted by jswinden

The list you linked to might show some fixed sites. For example, Google, Amazon, and Facebook were all reported to be vulnerable yet this list shows them not to be. If they were vulnerable before a fix was made, people who used them are still at risk. So take that list with a grain of salt.

I haven't checked yet, but apparently the LastPass site gives you site history re:heartbleed vulnerability?

jswinden · 04-10-2014, 01:05 PM

Quote:

Originally Posted by eschwartz

I haven't checked yet, but apparently the LastPass site gives you site history re:heartbleed vulnerability?

It does, and that is how I knew Amazon, Facebook, and Google had all been vulnerable in the past. I wouldn't get a false sense of relief about sites that are now safe if they were once vulnerable, assuming I used any of those sites and exchanged data with them. I have definitely used and have accounts with Amazon, Facebook, Google, and others and once I'm certain they have fixed the issues then I will change passwords. No need to change passwords until they are definitely fixed as that might keep you at risk.

DiapDealer · 04-10-2014, 03:08 PM

Quote:

Originally Posted by jswinden

No need to change passwords until they are definitely fixed as that might keep you at risk.

'zactly.

Everybody's gotta do what helps them sleep better at night. I get that. But here's the three scenarios I currently see regarding Heartbleed:

They already got my personal info and I'm already screwed--even if I change my password now.
I changed my password in time, but the site hasn't been patched against Heartbleed and my personal info is still vulnerable.
The site has already closed the Heartbleed hole, and I'm changing my password because it's just good practice.

Other than making sure my passwords aren't silly-simple, I've come to the realization that I really don't have a single bit of control over my own online "security."

Even if I had absolutely no online accounts, the companies, and financial institutions I did business with would still store my personal info in hackable databases. *shrug*

Purple Lady · 04-10-2014, 03:54 PM

Quote:

Originally Posted by jswinden

It does, and that is how I knew Amazon, Facebook, and Google had all been vulnerable in the past. I wouldn't get a false sense of relief about sites that are now safe if they were once vulnerable, assuming I used any of those sites and exchanged data with them. I have definitely used and have accounts with Amazon, Facebook, Google, and others and once I'm certain they have fixed the issues then I will change passwords. No need to change passwords until they are definitely fixed as that might keep you at risk.

I thought for Amazon it wasn't their main website, but their other stuff like Amazon Web Services. So as a regular client that just buys a lot of stuff you're ok.

daffy4u · 04-10-2014, 04:02 PM

Mashable has a chart that's a little easier to read.

http://mashable.com/2014/04/09/heart...ites-affected/

I use LastPass and have been changing passwords as advised (sometimes you have to wait for sites to update their certificates).

Hamlet53 · 04-10-2014, 04:13 PM

Quote:

Originally Posted by DiapDealer

'zactly.

Everybody's gotta do what helps them sleep better at night. I get that. But here's the three scenarios I currently see regarding Heartbleed:

They already got my personal info and I'm already screwed--even if I change my password now.
I changed my password in time, but the site hasn't been patched against Heartbleed and my personal info is still vulnerable.
The site has already closed the Heartbleed hole, and I'm changing my password because it's just good practice.

Other than making sure my passwords aren't silly-simple, I've come to the realization that I really don't have a single bit of control over my own online "security."

Even if I had absolutely no online accounts, the companies, and financial institutions I did business with would still store my personal info in hackable databases. *shrug*

Yes that's about it. The only thing that I have done so far is to avoid logging onto yahoo until I'm sure that it's in the clear.

Quote:

Originally Posted by daffy4u

Mashable has a chart that's a little easier to read.

http://mashable.com/2014/04/09/heart...ites-affected/

I use LastPass and have been changing passwords as advised (sometimes you have to wait for sites to update their certificates).

I find it funny that Target is on that list with a no [not impacted].

QuantumIguana · 04-10-2014, 04:23 PM

Passwords are Stone Age technology. The sooner we get away from them, the better.

04-09-2014, 09:06 AM	#1
speakingtohe Wizard Posts: 4,812 Karma: 26912940 Join Date: Apr 2010 Device: sony PRS-T1 and T3, Kobo Mini and Aura HD, Tablet	Heartbleed bug Revenue Canada has shut down their internet services de to the heartbleed bug. http://www.cra-arc.gc.ca/menu-eng.html#msg http://lifehacker.com/what-the-heart...you-1560801201 http://heartbleed.com/ More than a smidge scary Helen

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Glo Is this another bug ?	stethorn	Kobo Reader	14	08-10-2013 11:49 AM
0.6.1 bug	mrmikel	Sigil	8	12-04-2012 08:31 AM
DR800 Help, I've got a bug!! A bug on my screen!!	Franky	iRex	4	06-21-2011 11:45 AM
Embedded font bug or CSS bug in ADE	JSWolf	ePub	10	06-11-2011 02:34 PM
PRS-505 bug or eBookLib bug?	porkupan	Sony Reader	3	10-07-2007 10:44 PM

04-09-2014, 12:37 PM	#2
jersysman Wizard Posts: 1,747 Karma: 3761220 Join Date: Mar 2011 Location: Pennsylvania Device: T1 Red, Kindle Fire, Kindle PW, PW2, Nook HD+, Kobo Mini, Aura HD	I'll say. It's always something!

04-09-2014, 12:47 PM	#3
Mike L Wizard Posts: 1,479 Karma: 3846231 Join Date: Apr 2009 Location: Edinburgh, Scotland Device: Kindle 3, Samsung Galaxy	A couple of sites that I visit regularly seem to be off the air at present. I don't know it it's directly because of Heartbleed, but it is quite possible. Mike

04-09-2014, 04:43 PM	#4
Hamlet53 Nameless Being	I found that a lot of web sites that I normally visit daily were unreachable starting late afternoon; Pandora, Charles Schwab, . . . All were back online this morning though.

04-10-2014, 12:16 AM	#5
49Kat Fanatic Posts: 580 Karma: 1309104 Join Date: Oct 2011 Location: BC,Canada/NV, USA Device: iPad 9th Gen, iPhone 11, Paperwhite 10th Gen.	A member of the Malwarebytes message board posted a link regarding sites that had been tested for vulnerability. The results are here: https://github.com/musalbas/heartble...er/top1000.txt Interesting list. So far, I don't see anything that concerns me re sites I log in to. The list is not comprehensive, however, and not all the sites I deal with re finances are on that list either. Just for funzies, I searched for adobe, and the list shows it is not vulnerable to the bug. Yahoo...well, it is, from the look of things.

04-10-2014, 06:16 AM	#6
MickiTee Guru Posts: 860 Karma: 4097942 Join Date: Jun 2012 Location: London, UK Device: Sony PRS-505, Pocketbook TL3, TL4, TL5	This from CNET this morning about protecting yourself http://www.cnet.com/news/how-to-prot...tag=CAD1acfa04

04-10-2014, 06:32 AM	#7
Prestidigitweeze Fledgling Demagogue Posts: 2,384 Karma: 31132263 Join Date: Feb 2011 Location: White Plains Device: Clara HD; Oasis 2; Aura HD; iPad Air; PRS-350; Galaxy S7.	Here's a site for checking present and past site vulnerability: https://lastpass.com/heartbleed/

04-10-2014, 04:02 PM	#13
daffy4u I'm Super Kindle-icious Posts: 6,734 Karma: 2434103 Join Date: Apr 2008 Location: Long Drive, Calinadia Candafornia Device: KDXG, KT, Oasis	Mashable has a chart that's a little easier to read. http://mashable.com/2014/04/09/heart...ites-affected/ I use LastPass and have been changing passwords as advised (sometimes you have to wait for sites to update their certificates).

04-10-2014, 04:23 PM	#15
QuantumIguana Philosopher Posts: 2,034 Karma: 18736532 Join Date: Jan 2012 Device: Kindle Paperwhite 2 gen, Kindle Fire 1st Gen, Kindle Touch	Passwords are Stone Age technology. The sooner we get away from them, the better.